WiredWX Christian Hobby Weather Tools

I have no idea. . .

Hi! And thanks in advance for the help. . .

Okay, I'm no stranger to viruses, my computer has had a few. . .but whatever is wrong now has got me completely stumped.

Startup is extremely slow, I have trouble shutting down programs or minimizing pages (if I try to shut down my computer it will sit there forever with the "shutting down _____" messages, and it will generally freeze), and I've actually had a record number of Firefox issues within the last few days. Programs will become unresponsive nearly every time they are opened for more than a few minutes, and my computer has been freezing more and more every day. My task manager has become finicky. . .sometimes it will show itself and sometimes it will not.

Perhaps the strangest things that have happened are that my WordPerfect will not open unless the computer is in safe mode. While in safe mode, I opened one file and something came up warning about some sort of macro. I deleted the file immediately, assuming I had some sort of macro virus.

I must note that I had gotten calls from several friends and family members about an email that had been sent from my Yahoo account. Something about a free laptop. I changed my password as soon as possible, and the emails seem to have stopped for now, though I'm not quite convinced it was because of the password change.

I can't think of how this could have happened. I have never downloaded any attachments unless I knew exactly what they were, and I have never opened anything that was suspicious. In fact, I would say about 99% of the mail I get is deleted without me ever opening it.

A few other things have happened, but they are all very random. An alert will pop up from my anti-virus saying that protection has been cut off, but when I go to fix it, it appears that everything is okay. In a few moments I will be alerted again. This goes on for as long as the computer is running. Error messages will pop up. . .they are generally different ones and few of them show up more than once, but there are just SO many of them. One is related to my Logitech webcam, I believe. It is a message that says "Unable to launch restart.exe". My webcam light will come on at startup and will not go off. The webcam issues were present with a previous virus that we had, which is why I am including them now. There could be a mundane explanation for it, though.

I have run everything I can think of. At the beginning of the trouble, we had AVG. Our license expired a few days ago and it was replaced by CA. I have run scans through all of these, and also Malwarebytes, and nothing has come up. I have run scans in both safe modes and normal modes with all of them. I have also run some specialized scans for macro viruses, and nothing has been picked up.

At first we thought the troubles were related to the switching of the anti-virus software (which some of it may be, I don't know). But, upon reflection, we realized that many of the issues began a couple of weeks before our AVG license ran out. I have dealt with the trojan Vundo within the last year (I think. . .) and I was always very paranoid that I did not get all of it out. Again, though, nothing is being picked up by anything that I have used. I must also add that my niece house-sat for me around the time all of this began, and, to be honest, I have no idea what she did or downloaded on my computer besides LimeWire (which I promptly deleted on its discovery). It was, in fact, the day I came home when I first noticed some of the problems that were going on.

Sorry this post is so long! I just wanted to make sure I put all I could into it. I will put my HijackThis log in another post. Oh, and I believe my Adobe and Java are all up to date. . .but I have been denying access the last few days as I have had viruses in the past that used those programs (or one of them, and I can't remember which one) and I just wanted to play it safe until I knew for a fact that they weren't involved.

Re: I have no idea. . .

Here is the HijackThis log!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:32 PM, on 2/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Documents and Settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\Documents and Settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.0.13)_Gecko/2009073022_Firefox/3.0.13_(.NET_CLR_3.5.30729)_FBSMTWB" -"http://www.nickjr.com/playtime/cats/art/all_art_games/blue_artappreciation.jhtml"
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.38.33/ttinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe

--
End of file - 15443 bytes

Re: I have no idea. . .

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: I have no idea. . .

Thank you for your response!! This is my ComboFix log.

I believe I disabled everything correctly. . .I have never used CA before, so I'm a little unfamiliar with how it works. I couldn't find it on any of the lists I looked at with information on disabling things properly. Let me know if I missed something.



ComboFix 10-02-03.01 - Steven Wilkins 02/03/2010 12:49:01.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1343 [GMT -6:00]
Running from: c:\documents and settings\Steven Wilkins\My Documents\Downloads\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\STEVEN~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Steven Wilkins\Application Data\.#
c:\documents and settings\Steven Wilkins\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
c:\windows\kb913800.exe
c:\windows\system32\Data
c:\windows\system32\mkghj.dll
c:\windows\system32\service
c:\windows\system32\service\11112008_TIS17_SfFniAU.log

.
((((((((((((((((((((((((( Files Created from 2010-01-03 to 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-01-28 00:27 . 2010-01-28 00:27 503808 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55dcdc56-n\msvcp71.dll
2010-01-28 00:27 . 2010-01-28 00:27 348160 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55dcdc56-n\msvcr71.dll
2010-01-28 00:27 . 2010-01-28 00:27 499712 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55dcdc56-n\jmc.dll
2010-01-28 00:27 . 2010-01-28 00:27 61440 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-598350f7-n\decora-sse.dll
2010-01-28 00:27 . 2010-01-28 00:27 12800 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-598350f7-n\decora-d3d.dll
2010-01-24 19:10 . 2010-02-03 18:44 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\CallingID
2010-01-24 19:02 . 2010-01-24 19:20 -------- d-----w- c:\windows\rnapxs
2010-01-24 19:00 . 2009-07-30 15:37 111856 ----a-w- c:\windows\system32\wbem\canvprov.dll
2010-01-24 19:00 . 2010-01-24 19:03 -------- d-----w- c:\program files\CA
2010-01-24 18:49 . 2010-01-24 18:55 132441184 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\FD533F7A6C66623BF76127B06BC7FCF6.exe
2010-01-17 03:26 . 2010-01-17 03:26 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\GamersDigital
2010-01-17 03:26 . 2010-01-17 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\GamersDigital
2010-01-13 16:36 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 01:02 . 2010-01-12 01:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel Photo Album
2010-01-12 01:02 . 2010-01-12 01:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Corel Photo Album
2010-01-10 16:41 . 2010-01-10 16:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2010-01-10 16:41 . 2010-01-10 16:41 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Roxio
2010-01-10 16:32 . 2010-01-24 04:38 88 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\1\libfftw3f-3-1-1a_upx.dll
2010-01-10 16:32 . 2010-01-24 04:38 100 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\1\setiathome_6.03_windows_intelx86.exe
2010-01-10 16:32 . 2010-01-24 01:24 88 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\libfftw3f-3-1-1a_upx.dll
2010-01-10 16:32 . 2010-01-24 01:24 100 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\setiathome_6.03_windows_intelx86.exe
2010-01-10 04:46 . 2010-01-10 04:46 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\acccore
2010-01-10 04:46 . 2010-01-10 04:47 -------- d-----w- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\AIM
2010-01-10 04:46 . 2010-01-10 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-01-10 03:55 . 2010-01-10 03:55 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\InstallShield
2010-01-10 03:52 . 2010-01-10 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-01-09 01:34 . 2010-01-12 17:37 256 ----a-w- c:\windows\system32\pool.bin
2010-01-09 01:34 . 2010-01-10 16:52 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Research In Motion
2010-01-09 01:33 . 2009-01-09 22:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-01-09 01:33 . 2010-01-10 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-01-09 01:33 . 2010-01-10 16:54 -------- d-----w- c:\program files\Research In Motion
2010-01-09 01:33 . 2010-01-09 01:33 -------- d-----w- c:\program files\Common Files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 17:13 . 2009-11-26 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BOINC
2010-02-03 17:09 . 2006-06-24 04:45 -------- d-----w- c:\program files\CyberPower PowerPanel Personal Edition
2010-02-03 17:09 . 2008-07-13 15:53 849 --sha-w- c:\windows\system32\mmf.sys
2010-02-03 03:45 . 2009-07-14 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-03 03:44 . 2008-01-25 18:44 -------- d-----w- c:\program files\Oberon Media
2010-02-03 00:35 . 2007-10-01 17:52 56 --sh--r- c:\windows\system32\4326BF1B47.sys
2010-02-03 00:35 . 2006-06-18 00:20 6268 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-28 00:27 . 2006-06-13 04:24 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 00:27 . 2006-06-13 04:24 -------- d-----w- c:\program files\Java
2010-01-24 19:07 . 2010-01-24 19:03 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys
2010-01-24 19:07 . 2010-01-24 19:03 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2010-01-24 19:07 . 2010-01-24 19:03 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2010-01-24 19:07 . 2010-01-24 19:03 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2010-01-24 19:07 . 2010-01-24 19:03 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2010-01-24 19:07 . 2010-01-24 19:03 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys
2010-01-24 19:07 . 2010-01-24 19:03 111856 ----a-w- c:\windows\system32\isafprod.dll
2010-01-24 19:03 . 2010-01-24 19:03 -------- d-----w- c:\program files\ISSThirdParty
2010-01-24 19:03 . 2010-01-24 19:03 -------- d-----w- c:\program files\Common Files\Scanner
2010-01-24 19:03 . 2010-01-24 19:03 4747264 ----a-w- c:\windows\system32\win32cpr.dll
2010-01-24 19:03 . 2010-01-24 19:03 1867776 ----a-w- c:\windows\system32\winsflt.dll
2010-01-24 19:02 . 2006-06-13 04:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-24 18:49 . 2007-08-28 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2010-01-24 18:23 . 2009-11-05 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-21 01:20 . 2009-12-19 06:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 17:51 . 2009-11-09 21:20 0 ----a-w- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\prvlcl.dat
2010-01-17 23:29 . 2007-09-17 18:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-14 19:52 . 2006-06-16 16:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 01:16 . 2006-06-18 00:20 88 -csh--r- c:\windows\system32\471BBF2643.sys
2010-01-12 01:02 . 2009-01-17 23:26 100520 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-12 00:59 . 2006-07-11 23:32 -------- d-----w- c:\program files\Yahoo!
2010-01-12 00:53 . 2006-07-11 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-01-12 00:51 . 2006-06-13 04:33 -------- d-----w- c:\program files\Common Files\AOL
2010-01-10 16:52 . 2006-06-18 00:23 100520 ----a-w- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-10 03:55 . 2006-06-13 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-01-10 03:53 . 2006-06-13 04:29 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-01-10 03:52 . 2006-06-13 04:40 -------- d-----w- c:\program files\Roxio
2010-01-05 10:00 . 2005-08-16 09:18 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll
2009-12-24 16:51 . 2009-12-24 16:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2009-12-23 23:02 . 2009-12-23 22:59 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Virtual City
2009-12-23 18:19 . 2008-06-05 21:03 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\gtk-2.0
2009-12-21 19:46 . 2009-12-21 19:46 -------- d-----w- c:\program files\DivX
2009-12-21 19:46 . 2009-12-21 19:46 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-20 20:28 . 2009-12-20 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-12-20 20:26 . 2009-12-20 20:26 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\TomTom
2009-12-20 20:26 . 2009-12-20 20:26 -------- d-----w- c:\program files\TomTom International B.V
2009-12-20 20:26 . 2009-12-20 20:26 -------- d-----w- c:\program files\TomTom HOME 2
2009-12-20 00:00 . 2009-12-20 00:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-17 23:14 . 2009-01-11 16:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 17:05 . 2009-12-16 17:04 -------- d-----w- c:\program files\QuickTime
2009-12-16 17:04 . 2009-12-16 17:01 -------- d-----w- c:\program files\Kodak
2009-12-16 17:03 . 2009-12-16 17:03 -------- d-----w- c:\program files\Common Files\Kodak
2009-12-16 17:02 . 2009-12-16 17:02 11572208 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\QUICK\QuickTimeInstaller.exe
2009-12-16 17:02 . 2009-12-16 17:02 163840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\KDEVICES\CR2\cr_stop.exe
2009-12-16 17:02 . 2009-12-16 17:02 69632 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\KSUStop.exe
2009-12-16 17:02 . 2009-12-16 17:02 167936 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\CCS\CCSStop.exe
2009-12-16 17:01 . 2009-12-16 17:01 401408 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_9f2af6a\EasyShrx.Dll
2009-12-16 17:01 . 2009-12-16 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-12-11 22:32 . 2009-04-27 20:32 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Playrix Entertainment
2009-12-11 00:32 . 2008-06-15 03:27 -------- d-----w- c:\program files\7-Zip
2009-12-11 00:26 . 2007-09-11 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-12-11 00:26 . 2006-06-13 04:29 -------- d-----w- c:\program files\Dell
2009-12-11 00:22 . 2008-09-14 23:37 1304 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-12-11 00:15 . 2006-06-13 04:41 -------- d-----w- c:\program files\Google
2009-12-09 23:11 . 2009-12-09 23:11 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\ElementalsTheMagicKey
2009-12-05 20:59 . 2009-12-03 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Artist Colony
2009-11-28 18:03 . 2009-11-28 18:03 448600 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\libfftw3f-3-1-1a_upx.dll
2009-11-28 18:03 . 2009-11-28 18:03 406016 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
2009-11-28 18:03 . 2009-11-28 18:03 267776 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\setigraphics_6.03_windows_intelx86.exe
2009-11-21 15:51 . 2005-08-16 09:18 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 00:49 . 2009-12-21 19:46 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 03:17 . 2009-11-12 03:17 152576 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-12 03:17 . 2009-11-10 04:24 79488 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-06 22:58 . 2009-11-06 22:58 803584 ----a-w- c:\windows\boinc.scr
2008-12-29 04:05 . 2008-12-29 04:05 434 ----a-w- c:\program files\ryfrcsa.txt
2008-07-07 00:28 . 2008-07-07 00:28 0 ----a-w- c:\program files\temp01
2006-06-24 16:03 . 2006-06-24 16:03 251 -c--a-w- c:\program files\wt3d.ini
2009-02-22 00:12 . 2009-01-25 19:08 88 --sh--r- c:\windows\system32\7996F5D1F8.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2005-10-24 262144]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-01 67128]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-06-13 26112]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-22 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-11-06 4793088]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2009-11-06 58112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-16 77824]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2010-01-24 374000]
"dvHighMem"="c:\windows\cfgmng32.exe" [2009-06-01 10940416]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2010-01-24 271600]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2010-01-24 333040]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe" [2010-01-24 14064]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-07-16 636144]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-07-16 337136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2009-06-23 1422776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2009-03-27 22:27 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\UmxSbxExw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\windows\system32\ijebmevd.exe c:\windows\system32\ijebmevd.exe:changelist\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/8/2009 11:02 AM 108024]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [4/1/2009 10:45 AM 73720]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [4/28/2009 10:52 AM 55288]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/8/2009 11:02 AM 115704]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [1/24/2010 1:00 PM 128240]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/8/2009 11:02 AM 145912]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [3/27/2009 4:27 PM 58872]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 5:31 AM 92008]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [4/1/2009 10:45 AM 875000]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [6/15/2009 11:32 AM 760664]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [4/1/2009 10:45 AM 207352]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [1/24/2010 1:03 PM 1400832]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [4/1/2009 10:45 AM 205304]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [1/24/2010 1:03 PM 222448]
S0 stlntbm;stlntbm;c:\windows\system32\drivers\idfda.sys --> c:\windows\system32\drivers\idfda.sys [?]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/13/2008 9:53 AM 2560]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-04 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: neopets.com\www
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Steven Wilkins\Application Data\Mozilla\Firefox\Profiles\180nqnda.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.simalo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=0HZ2lRXV&q=
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - hidden: XUL Cache: {E5AC022A-6286-44CD-BE33-663D9ABE099E} - c:\documents and settings\Steven Wilkins\Local Settings\Application Data\{E5AC022A-6286-44CD-BE33-663D9ABE099E}
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogIe
FF - user.js: keyword.URL - hxxp://www.simalo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=0HZ2lRXV&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 12:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-68032846-1058140136-4283777642-1005\Software\SecuROM\License information*]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0\FD1E79A92259B5BC6F3673C7C70B3F80]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1876)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(264)
c:\windows\system32\winsflt.dll
.
Completion time: 2010-02-03 13:04:55
ComboFix-quarantined-files.txt 2010-02-03 19:04
ComboFix2.txt 2009-02-07 04:46
ComboFix3.txt 2009-02-04 22:28
ComboFix4.txt 2009-02-02 03:21
ComboFix5.txt 2010-02-03 18:47

Pre-Run: 113,258,360,832 bytes free
Post-Run: 114,320,723,968 bytes free

- - End Of File - - D4F8895FE6A092BF0057F6996A64E172

Re: I have no idea. . .
Hi again. Please do these steps in order.

1. Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


2. Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

http://www.bleepingcomputer.com/virus-removal/how-to-use-superantispyware-tutorial

Post the log from SUPERAntiSpyware when you've accomplished that.

4. Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


5. Post the following in your next reply:
  • MBAM log
  • SAS log
  • ESET log

And, please tell me how your computer is doing.

Re: I have no idea. . .
Ok, here is my malwarebytes log. I'm very happy because this is the first time it's picked anything up since my computer started acting up.

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/4/2010 11:11:20 PM
mbam-log-2010-02-04 (23-11-20).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 222201
Time elapsed: 57 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP960\A0161375.sys (Malware.Trace) -> Quarantined and deleted successfully

-----------------------

And here is my SAS log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/05/2010 at 11:37 AM

Application Version : 4.33.1000

Core Rules Database Version : 4559
Trace Rules Database Version: 2371

Scan type : Complete Scan
Total Scan Time : 00:37:50

Memory items scanned : 650
Memory threats detected : 0
Registry items scanned : 8074
Registry threats detected : 5
File items scanned : 31916
File threats detected : 7

Adware.Tracking Cookie
C:\Documents and Settings\Steven Wilkins\Cookies\steven_wilkins@richmedia.yahoo[1].txt

Rogue.Component/Trace
HKLM\Software\Microsoft\EC3627EA
HKLM\Software\Microsoft\EC3627EA#ec3627ea
HKLM\Software\Microsoft\EC3627EA#Version
HKLM\Software\Microsoft\EC3627EA#ec368a6a
HKLM\Software\Microsoft\EC3627EA#ec36e38f

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\DLLYTERA.DLL
C:\WINDOWS\SYSTEM32\EOLNVTJT.DLL
C:\WINDOWS\SYSTEM32\HEGOYSUR.DLL
C:\WINDOWS\SYSTEM32\JXSMLUOO.DLL
C:\WINDOWS\SYSTEM32\SJNJOHUS.DLL
C:\WINDOWS\SYSTEM32\WELNKGWR.DLL
----------------------------------

And here is the ESET log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a6dfff33895acd48a1bb80daad7ebab4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-05 07:17:20
# local_time=2010-02-05 01:17:20 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 32907576 32907576 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 7848265 7848265 0 0
# compatibility_mode=4866 16775125 100 100 0 67685855 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=89195
# found=4
# cleaned=4
# scan_time=3133
C:\Qoobox\Quarantine\C\WINDOWS\system32\eKmUxyxx.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\eKmUxyxx.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\kUwxwvut.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\kUwxwvut.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

-------------------------

As for how my computer is doing. . .My wordperfect still is not working and the restart.exe error popped up again today. I haven't seen any other errors pop up in a while, only that one. I really appreciate all your help with this. I'm a writer, so I have a lot of information stored in wordperfect. I copied everything over to word pad while I was in safe mode and made backups of everything so, even if I do end up losing wordperfect, I'll still have all of my information. Does anything in particular come to mind with the way my wordperfect is functioning. . .or not functioning, to be precise. Everything was fine with it, and just one day it would not open, nor would any of the files within it (unless in safe mode). Should I just delete it? Do you think maybe the source of the problem is in there somewhere?

Re: I have no idea. . .
I can check WordPerfect closer.

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum

IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.

Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

Re: I have no idea. . .
Sorry it's taken me so long to get back to this, I've been sick.

Here is the URL:

http://www.getsysteminfo.com/read.php?file=d9cdf67e174ce0ed0f7c5ee43d97111a

I peeked over it. . . Yikes

I'm unfamiliar with this program, but I'm sure red codes are never good. . . Although much of the stuff it picked up was from CA. . .

Re: I have no idea. . .
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: I have no idea. . .
Here it is. . .it came back clean.

Malwarebytes' Anti-Malware 1.44
Database version: 3709
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/8/2010 1:54:11 PM
mbam-log-2010-02-08 (13-54-11).txt

Scan type: Quick Scan
Objects scanned: 134903
Time elapsed: 9 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: I have no idea. . .
I just tried to open up my WordPerfect and it came on fine. . .I don't understand, because until this very moment, it would not open. . .and if opened in safe mode the macro warning would come up. . .between the last time I opened it and this time, I haven't deleted or cleaned anything. Malwarebytes was the only thing I ran, but it didn't find anything. . .

I think I'm more paranoid now than I was when it wasn't working at all. The last time I turned my computer on, the webcam was still acting the same, and the antivirus warning has still been coming up. . .though, now that I think about it, it hasn't been doing it near as frequently. In fact, I think it only did it once so far today, as opposed to every few minutes.

The only error messages I have seen were the restart.exe and one about a missing .dll. Neither have been coming up as much, only around every other time the computer is started, if that. If a .dll file were really missing, wouldn't the error pop up every time the computer was started? I think I've almost become conditioned to the .dll message because it's been popping up a lot longer than the restart.exe message. . .it first started when Vundo was in my system, but I had someone look over everything and they gave my computer a clean bill of health. . .so I just figured maybe it was something that got lost along the way. My computer never really seemed to act any different. I've only recently become suspicious of it by the way it seems to pop up sort of randomly. . .and occasionally, like the restart.exe message, a significant amount of time after the start up of the computer.


Just, in general, within the last year there have been many different, seemingly isolated, problems with my computer. The problems will seem to go away or just stop, but things will seem to start up again in a few months. This is the second time I've come to a forum to get help. . .last time, about the same thing happened. Things were deleted, but the problems continued. . .but then, when nothing was changed, the problems seemed to stop completely and my computer began to function normally again. Then things will begin to pick up again, slowly. A file will disappear one day. . .then, maybe a week later a program will stop working (sometimes for just a few days or, as with the WordPerfect, for a month or so). . .my automatic updates will be disabled and I may experience a few frustrating days dealing with that before it stops.

I've even had some instances where a file would appear that I know wasn't there before or that I had deleted. The other day I found a file in WordPerfect while I was in safe mode that looked like an old resume that I had deleted in July. I deleted it again, knowing that it was something that should not be there. The original name was different, as well.

Also, one thing that we never really had any satisfactory answer to, one of our hotmail accounts was completely taken over. The password was changed and everything and we were never able to access it again. That was probably around a year ago (maybe a little longer). . .around the same time our computer started having these start and stop issues.

Every time something happens, I will run every scan I can think of. Sometimes they'll come up with something, but if they do, it's usually not something that would cause that type of behavior. Up until now I've looked at them all as separate incidents. . .but, upon reflecting on it all, it seems to be that I'm either an extremely unlucky person (which, in general, I am, so this could very well be the case) or maybe it's all somehow connected.

I'm worried that that is what is happening now. If I were the type of person that had high-risk tendencies, I would understand. . .but I try to keep everything up to date, I run scans daily, I disconnect my internet when I'm not using it (or I try to remember to), I stick to websites I trust. . .yet my computer has had more problems than people I know that DO have high risk behavior. I don't know what could possibly be going on. I guess, as of right now, everything is functioning pretty normal.

Any advice or suggestions you could give would be most appreciated. . and I thank you SO much for your time so far. It's nice to have people around that know what they're doing and are willing to help people when they've reached the level of frustration that I have.

Re: I have no idea. . .
Not wanting to scare you, but it might be a hacker. We can fix that.

===

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    RegLockDel::
    [-HKEY_USERS\S-1-5-21-68032846-1058140136-4283777642-1005\Software\SecuROM]

    [-HKEY_LOCAL_MACHINE\software\LicCtrl]
    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


====

Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply, as well as the ComboFix log.

Re: I have no idea. . .

Okay. . .I had A LOT of trouble running these two scans. My computer's one day of running close to normal is officially over.

Everything is becoming unresponsive, so I have to finish this message quickly. This is like the fourth time I've tried to post this, and every time my firefox becomes unresponsive and shuts down. My task bar becomes unresponsive, I'm having difficulty bringing my task manager up, and my computer keeps freezing. I can't even shut it down normally. If I try to shut it down, it may get to the point where only the desktop background is visible, but it will go no further. I actually waited an hour (one time just to see if it would ever completely shut down on its own) for my computer to shut down, and it never got past this point. When starting anything up, whether it is the actual computer or a program, it takes forever.

Combofix would not run the first few times I tried it, so I uninstalled it and re-installed it. It ran fine that time. I could not get GMER to work properly the first few times. Sometime around the end of the scan the dreaded blue screen would appear on my computer. It said the error was related to file 9E0BFD20 (I think, I scribbled it down so fast I'm having trouble reading it now). That was a file, whether this information is worth anything or not, that was on the list of things GMER had scanned.

The last time I tried GMER, it seemed to work okay. . .but I got no notices about rootkit activity and nothing came up about a log. Here is the Combofix log that I managed to get:

-----------------------------

ComboFix 10-02-09.03 - Steven Wilkins 02/09/2010 21:48:07.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1365 [GMT -6:00]
Running from: c:\documents and settings\Steven Wilkins\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Steven Wilkins\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\STEVEN~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Steven Wilkins\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
.
---- Previous Run -------
.
c:\docume~1\STEVEN~1\LOCALS~1\Temp\clclean.0001.dir.0002\~df394b.tmp
c:\documents and settings\Steven Wilkins\Local Settings\Application Data\{E5AC022A-6286-44CD-BE33-663D9ABE099E}\chrome.manifest
c:\documents and settings\Steven Wilkins\Local Settings\Application Data\{E5AC022A-6286-44CD-BE33-663D9ABE099E}\chrome\content\_cfg.js
c:\documents and settings\Steven Wilkins\Local Settings\Application Data\{E5AC022A-6286-44CD-BE33-663D9ABE099E}\chrome\content\c.js
c:\documents and settings\Steven Wilkins\Local Settings\Application Data\{E5AC022A-6286-44CD-BE33-663D9ABE099E}\chrome\content\overlay.xul
c:\documents and settings\Steven Wilkins\Local Settings\Application Data\{E5AC022A-6286-44CD-BE33-663D9ABE099E}\install.rdf
c:\documents and settings\Steven Wilkins\Local Settings\temp\clclean.0001.dir.0002\~df394b.tmp

.
((((((((((((((((((((((((( Files Created from 2010-01-10 to 2010-02-10 )))))))))))))))))))))))))))))))
.

2010-02-05 18:18 . 2010-02-05 18:18 -------- d-----w- c:\program files\ESET
2010-02-05 16:56 . 2010-02-05 16:56 52224 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-05 16:56 . 2010-02-09 22:16 117760 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-05 16:55 . 2010-02-05 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-05 16:55 . 2010-02-05 16:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-05 16:55 . 2010-02-05 16:55 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\SUPERAntiSpyware.com
2010-02-05 16:54 . 2010-02-05 16:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-28 00:27 . 2010-01-28 00:27 503808 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55dcdc56-n\msvcp71.dll
2010-01-28 00:27 . 2010-01-28 00:27 348160 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55dcdc56-n\msvcr71.dll
2010-01-28 00:27 . 2010-01-28 00:27 499712 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55dcdc56-n\jmc.dll
2010-01-28 00:27 . 2010-01-28 00:27 61440 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-598350f7-n\decora-sse.dll
2010-01-28 00:27 . 2010-01-28 00:27 12800 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-598350f7-n\decora-d3d.dll
2010-01-24 19:10 . 2010-02-09 22:16 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\CallingID
2010-01-24 19:02 . 2010-01-24 19:20 -------- d-----w- c:\windows\rnapxs
2010-01-24 19:00 . 2009-07-30 15:37 111856 ----a-w- c:\windows\system32\wbem\canvprov.dll
2010-01-24 19:00 . 2010-01-24 19:03 -------- d-----w- c:\program files\CA
2010-01-24 18:49 . 2010-01-24 18:55 132441184 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\FD533F7A6C66623BF76127B06BC7FCF6.exe
2010-01-17 03:26 . 2010-01-17 03:26 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\GamersDigital
2010-01-17 03:26 . 2010-01-17 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\GamersDigital
2010-01-13 16:36 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 01:02 . 2010-01-12 01:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel Photo Album
2010-01-12 01:02 . 2010-01-12 01:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Corel Photo Album

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 04:04 . 2009-11-26 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BOINC
2010-02-10 04:00 . 2006-06-24 04:45 -------- d-----w- c:\program files\CyberPower PowerPanel Personal Edition
2010-02-10 04:00 . 2008-07-13 15:53 849 --sha-w- c:\windows\system32\mmf.sys
2010-02-09 22:31 . 2006-06-13 04:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-09 22:31 . 2006-06-15 02:55 -------- d-----w- c:\program files\Logitech
2010-02-09 22:24 . 2009-12-21 19:46 -------- d-----w- c:\program files\DivX
2010-02-08 20:00 . 2006-06-18 00:20 6268 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-08 19:56 . 2007-10-01 17:52 56 --sh--r- c:\windows\system32\4326BF1B47.sys
2010-02-05 04:40 . 2010-01-10 16:32 88 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\1\libfftw3f-3-1-1a_upx.dll
2010-02-05 04:40 . 2010-01-10 16:32 100 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\1\setiathome_6.03_windows_intelx86.exe
2010-02-05 04:12 . 2008-11-11 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-05 04:11 . 2009-02-07 04:52 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-03 03:45 . 2009-07-14 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-28 00:27 . 2006-06-13 04:24 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 00:27 . 2006-06-13 04:24 -------- d-----w- c:\program files\Java
2010-01-24 19:07 . 2010-01-24 19:03 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys
2010-01-24 19:07 . 2010-01-24 19:03 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2010-01-24 19:07 . 2010-01-24 19:03 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2010-01-24 19:07 . 2010-01-24 19:03 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2010-01-24 19:07 . 2010-01-24 19:03 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2010-01-24 19:07 . 2010-01-24 19:03 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys
2010-01-24 19:07 . 2010-01-24 19:03 111856 ----a-w- c:\windows\system32\isafprod.dll
2010-01-24 19:03 . 2010-01-24 19:03 -------- d-----w- c:\program files\ISSThirdParty
2010-01-24 19:03 . 2010-01-24 19:03 -------- d-----w- c:\program files\Common Files\Scanner
2010-01-24 19:03 . 2010-01-24 19:03 4747264 ----a-w- c:\windows\system32\win32cpr.dll
2010-01-24 19:03 . 2010-01-24 19:03 1867776 ----a-w- c:\windows\system32\winsflt.dll
2010-01-24 18:49 . 2007-08-28 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2010-01-24 18:23 . 2009-11-05 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-24 01:24 . 2010-01-10 16:32 88 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\libfftw3f-3-1-1a_upx.dll
2010-01-24 01:24 . 2010-01-10 16:32 100 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\setiathome_6.03_windows_intelx86.exe
2010-01-21 01:20 . 2009-12-19 06:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 17:51 . 2009-11-09 21:20 0 ----a-w- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\prvlcl.dat
2010-01-17 23:29 . 2007-09-17 18:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-14 19:52 . 2006-06-16 16:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 17:37 . 2010-01-09 01:34 256 ----a-w- c:\windows\system32\pool.bin
2010-01-12 01:16 . 2006-06-18 00:20 88 -csh--r- c:\windows\system32\471BBF2643.sys
2010-01-12 01:02 . 2009-01-17 23:26 100520 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-12 00:59 . 2006-07-11 23:32 -------- d-----w- c:\program files\Yahoo!
2010-01-12 00:53 . 2006-07-11 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-01-12 00:51 . 2006-06-13 04:33 -------- d-----w- c:\program files\Common Files\AOL
2010-01-10 16:54 . 2010-01-09 01:33 -------- d-----w- c:\program files\Research In Motion
2010-01-10 16:54 . 2010-01-09 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-01-10 16:52 . 2006-06-18 00:23 100520 ----a-w- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-10 16:52 . 2010-01-09 01:34 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Research In Motion
2010-01-10 16:42 . 2010-01-10 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-01-10 16:41 . 2010-01-10 16:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2010-01-10 16:41 . 2010-01-10 16:41 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Roxio
2010-01-10 04:46 . 2010-01-10 04:46 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\acccore
2010-01-10 04:46 . 2010-01-10 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-01-10 03:55 . 2010-01-10 03:55 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\InstallShield
2010-01-10 03:55 . 2006-06-13 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-01-10 03:53 . 2006-06-13 04:29 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-01-10 03:52 . 2006-06-13 04:40 -------- d-----w- c:\program files\Roxio
2010-01-09 01:33 . 2010-01-09 01:33 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-01-07 22:07 . 2008-11-11 19:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2008-11-11 19:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2005-08-16 09:18 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll
2009-12-24 16:51 . 2009-12-24 16:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2009-12-23 23:02 . 2009-12-23 22:59 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Virtual City
2009-12-23 18:19 . 2008-06-05 21:03 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\gtk-2.0
2009-12-20 20:28 . 2009-12-20 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-12-20 20:26 . 2009-12-20 20:26 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\TomTom
2009-12-20 20:26 . 2009-12-20 20:26 -------- d-----w- c:\program files\TomTom International B.V
2009-12-20 20:26 . 2009-12-20 20:26 -------- d-----w- c:\program files\TomTom HOME 2
2009-12-20 00:00 . 2009-12-20 00:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-17 23:14 . 2009-01-11 16:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 17:05 . 2009-12-16 17:04 -------- d-----w- c:\program files\QuickTime
2009-12-16 17:04 . 2009-12-16 17:01 -------- d-----w- c:\program files\Kodak
2009-12-16 17:03 . 2009-12-16 17:03 -------- d-----w- c:\program files\Common Files\Kodak
2009-12-16 17:02 . 2009-12-16 17:02 11572208 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\QUICK\QuickTimeInstaller.exe
2009-12-16 17:02 . 2009-12-16 17:02 163840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\KDEVICES\CR2\cr_stop.exe
2009-12-16 17:02 . 2009-12-16 17:02 69632 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\KSUStop.exe
2009-12-16 17:02 . 2009-12-16 17:02 167936 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\CCS\CCSStop.exe
2009-12-16 17:01 . 2009-12-16 17:01 401408 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_9f2af6a\EasyShrx.Dll
2009-12-16 17:01 . 2009-12-16 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-12-11 00:22 . 2008-09-14 23:37 1304 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-11-28 18:03 . 2009-11-28 18:03 448600 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\libfftw3f-3-1-1a_upx.dll
2009-11-28 18:03 . 2009-11-28 18:03 406016 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
2009-11-28 18:03 . 2009-11-28 18:03 267776 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\setigraphics_6.03_windows_intelx86.exe
2009-11-21 15:51 . 2005-08-16 09:18 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-12-29 04:05 . 2008-12-29 04:05 434 ----a-w- c:\program files\ryfrcsa.txt
2008-07-07 00:28 . 2008-07-07 00:28 0 ----a-w- c:\program files\temp01
2006-06-24 16:03 . 2006-06-24 16:03 251 -c--a-w- c:\program files\wt3d.ini
2009-02-22 00:12 . 2009-01-25 19:08 88 --sh--r- c:\windows\system32\7996F5D1F8.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2005-10-24 262144]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-06-13 26112]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-22 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-11-06 4793088]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2009-11-06 58112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-16 77824]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2010-01-24 374000]
"dvHighMem"="c:\windows\cfgmng32.exe" [2009-06-01 10940416]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2010-01-24 271600]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2010-01-24 333040]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe" [2010-01-24 14064]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-07-16 636144]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-07-16 337136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2009-06-23 1422776]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2009-03-27 22:27 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\UmxSbxExw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\windows\system32\ijebmevd.exe c:\windows\system32\ijebmevd.exe:changelist\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/8/2009 11:02 AM 108024]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [4/1/2009 10:45 AM 73720]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [4/28/2009 10:52 AM 55288]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/8/2009 11:02 AM 115704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [1/24/2010 1:00 PM 128240]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/8/2009 11:02 AM 145912]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [3/27/2009 4:27 PM 58872]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 5:31 AM 92008]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [4/1/2009 10:45 AM 875000]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [6/15/2009 11:32 AM 760664]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [4/1/2009 10:45 AM 207352]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [1/24/2010 1:03 PM 1400832]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [4/1/2009 10:45 AM 205304]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [1/24/2010 1:03 PM 222448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S0 stlntbm;stlntbm;c:\windows\system32\drivers\idfda.sys --> c:\windows\system32\drivers\idfda.sys [?]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/13/2008 9:53 AM 2560]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:officia
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: neopets.com\www
FF - ProfilePath - c:\documents and settings\Steven Wilkins\Application Data\Mozilla\Firefox\Profiles\180nqnda.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.simalo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=0HZ2lRXV&q=
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogIe
FF - user.js: keyword.URL - hxxp://www.simalo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=0HZ2lRXV&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 22:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-68032846-1058140136-4283777642-1005\Software\SecuROM\License information*]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0\FD1E79A92259B5BC6F3673C7C70B3F80]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1816)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(188)
c:\windows\system32\winsflt.dll

- - - - - - - > 'explorer.exe'(3092)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
c:\windows\system32\mdmcls32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\stsystra.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\mdmcls32.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\mdmcls32.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-09 22:10:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-10 04:10
ComboFix2.txt 2010-02-03 19:04
ComboFix3.txt 2009-02-07 04:46
ComboFix4.txt 2009-02-04 22:28
ComboFix5.txt 2010-02-10 01:47

Pre-Run: 114,707,509,248 bytes free
Post-Run: 114,692,141,056 bytes free

- - End Of File - - 71CAE771598083F15879C0423083B667

Re: I have no idea. . .

Oh, and I believe the file that caused the blue screen error was located somewhere in the Filesystem\fastfat\fat area. Should I try running GMER again? As far as I know, the last time I ran it, it finished, but, like I said, nothing about rootkits or a log came up. I waited for a long while, and clicked "Ok" which just shut it down. Did it just not come up with anything or did I muck it up? I was a bit flustered after all of the freezes and shutdowns, so I'm open to the possibility that I did something wrong. :smile2:

----------------------

Edit: I forgot to add that my WordPerfect is not working again.

Re: I have no idea. . .

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Re: I have no idea. . .

Here is the log.

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iastor.sys
Service Name: ---
Module Base: A2FC4000
Module End: A3099000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: A2003B35
Driver Base: A1FFB000
Driver End: A200D000
Driver Name: \SystemRoot\System32\DRIVERS\KmxSbx.sys

Function Name: ZwCreateSymbolicLinkObject
Address: A2004856
Driver Base: A1FFB000
Driver End: A200D000
Driver Name: \SystemRoot\System32\DRIVERS\KmxSbx.sys

Function Name: ZwMakeTemporaryObject
Address: A2004BA7
Driver Base: A1FFB000
Driver End: A200D000
Driver Name: \SystemRoot\System32\DRIVERS\KmxSbx.sys

Function Name: ZwOpenKey
Address: A2003A99
Driver Base: A1FFB000
Driver End: A200D000
Driver Name: \SystemRoot\System32\DRIVERS\KmxSbx.sys

Function Name: ZwOpenSection
Address: A200457B
Driver Base: A1FFB000
Driver End: A200D000
Driver Name: \SystemRoot\System32\DRIVERS\KmxSbx.sys

Function Name: ZwSetInformationProcess
Address: ACB8F1DC
Driver Base: ACB84000
Driver End: ACB99000
Driver Name: \SystemRoot\System32\DRIVERS\kmxagent.sys

Function Name: ZwSetSystemInformation
Address: A2004983
Driver Base: A1FFB000
Driver End: A200D000
Driver Name: \SystemRoot\System32\DRIVERS\KmxSbx.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found

Re: I have no idea. . .

Please download SpiderKill by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.

Re: I have no idea. . .

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C has no label.
Volume Serial Number is EC36-35CB

Directory of C:\Windows\System32\Drivers

02/11/2010 01:29 AM .
02/11/2010 01:29 AM ..
06/12/2006 10:04 PM 6,597 1028_Dell_DIM_DXPO51.mrk
08/17/2001 12:52 PM 23,552 ABP480N5.SYS
07/12/2006 01:56 PM 97,792 ACEDRV05.sys
04/13/2008 12:36 PM 187,776 acpi.sys
08/10/2004 04:00 AM 11,648 acpiec.sys
08/17/2001 01:07 PM 101,888 adpu160m.sys
04/13/2008 06:11 PM 4,255 adv01nt5.dll
04/13/2008 06:11 PM 3,967 adv02nt5.dll
04/13/2008 06:11 PM 3,615 adv05nt5.dll
04/13/2008 06:11 PM 3,647 adv07nt5.dll
04/13/2008 06:11 PM 3,135 adv08nt5.dll
04/13/2008 06:11 PM 3,711 adv09nt5.dll
04/13/2008 06:11 PM 3,775 adv11nt5.dll
04/13/2008 10:39 AM 142,592 aec.sys
08/14/2008 04:04 AM 138,496 afd.sys
04/13/2008 12:36 PM 42,368 agp440.sys
04/13/2008 12:36 PM 44,928 agpcpq.sys
08/17/2001 12:52 PM 12,800 aha154x.sys
08/17/2001 01:07 PM 55,168 aic78u2.sys
08/17/2001 01:07 PM 56,960 aic78xx.sys
08/17/2001 12:51 PM 5,248 aliide.sys
04/13/2008 12:36 PM 42,752 alim1541.sys
04/13/2008 12:36 PM 43,008 amdagp.sys
04/13/2008 12:31 PM 37,376 amdk6.sys
04/13/2008 12:31 PM 37,760 amdk7.sys
08/17/2001 12:52 PM 12,032 amsint.sys
04/13/2008 12:51 PM 60,800 arp1394.sys
08/17/2001 12:52 PM 26,496 asc.sys
08/17/2001 12:52 PM 22,400 asc3350p.sys
08/17/2001 12:51 PM 14,848 asc3550.sys
06/12/2006 10:34 PM 8,552 asctrm.sys
04/13/2008 12:57 PM 14,336 asyncmac.sys
04/13/2008 12:40 PM 96,512 atapi.sys
08/03/2004 09:29 PM 56,623 ati1btxx.sys
08/03/2004 09:29 PM 11,615 ati1mdxx.sys
08/03/2004 09:29 PM 12,047 ati1pdxx.sys
08/03/2004 09:29 PM 30,671 ati1raxx.sys
08/03/2004 09:29 PM 63,663 ati1rvxx.sys
08/03/2004 09:29 PM 26,367 ati1snxx.sys
08/03/2004 09:29 PM 21,343 ati1ttxx.sys
08/03/2004 09:29 PM 36,463 ati1tuxx.sys
08/03/2004 09:29 PM 29,455 ati1xbxx.sys
08/03/2004 09:29 PM 34,735 ati1xsxx.sys
08/03/2004 09:29 PM 327,040 ati2mtaa.sys
08/03/2004 09:29 PM 701,440 ati2mtag.sys
01/03/2006 06:58 PM 269,952 atinavrr.sys
08/03/2004 09:29 PM 57,856 atinbtxx.sys
08/03/2004 09:29 PM 13,824 atinmdxx.sys
08/03/2004 09:29 PM 14,336 atinpdxx.sys
08/03/2004 09:29 PM 52,224 atinraxx.sys
08/03/2004 09:29 PM 104,960 atinrvxx.sys
08/03/2004 09:29 PM 28,672 atinsnxx.sys
08/03/2004 09:29 PM 13,824 atinttxx.sys
08/03/2004 09:29 PM 73,216 atintuxx.sys
08/03/2004 09:29 PM 31,744 atinxbxx.sys
08/03/2004 09:29 PM 63,488 atinxsxx.sys
07/17/2004 10:36 AM 64,352 ativmc20.cod
04/13/2008 12:51 PM 59,904 atmarpc.sys
08/10/2004 04:00 AM 31,360 atmepvc.sys
04/13/2008 12:51 PM 55,808 atmlane.sys
08/10/2004 04:00 AM 352,256 atmuni.sys
04/13/2008 06:11 PM 21,183 atv01nt5.dll
04/13/2008 06:11 PM 11,359 atv02nt5.dll
04/13/2008 06:11 PM 25,471 atv04nt5.dll
04/13/2008 06:11 PM 14,143 atv06nt5.dll
04/13/2008 06:11 PM 17,279 atv10nt5.dll
08/17/2001 12:59 PM 3,072 audstub.sys
04/13/2008 12:36 PM 14,208 battc.sys
04/13/2008 12:46 PM 11,776 bdasup.sys
08/10/2004 04:00 AM 4,224 beep.sys
04/13/2008 12:53 PM 71,552 bridge.sys
04/13/2008 12:46 PM 17,024 bthenum.sys
04/13/2008 12:46 PM 37,888 bthmodem.sys
04/13/2008 12:51 PM 101,120 bthpan.sys
06/13/2008 05:05 AM 272,128 bthport.sys
04/13/2008 12:46 PM 36,480 bthprint.sys
04/13/2008 12:46 PM 18,944 bthusb.sys
02/14/2004 05:09 AM 244,096 CamDrL21.sys
08/17/2001 12:52 PM 13,952 cbidf2k.sys
04/13/2008 12:46 PM 17,024 ccdecode.sys
08/17/2001 12:52 PM 7,680 cd20xrnt.sys
08/10/2004 04:00 AM 18,688 cdaudio.sys
04/13/2008 01:14 PM 63,744 cdfs.sys
02/02/2007 04:00 AM 9,336 cdr4_xp.sys
02/02/2007 04:00 AM 9,464 cdralw2k.sys
04/13/2008 12:40 PM 62,976 cdrom.sys
04/13/2008 06:11 PM 15,423 ch7xxnt5.dll
08/10/2004 04:00 AM 262,528 cinemst2.sys
04/13/2008 01:16 PM 49,536 classpnp.sys
08/17/2001 12:51 PM 6,656 cmdide.sys
04/13/2008 12:36 PM 10,240 compbatt.sys
08/17/2001 12:52 PM 14,976 cpqarray.sys
08/10/2004 04:00 AM 11,776 cpqdap01.sys
04/13/2008 12:31 PM 36,736 crusoe.sys
01/10/2005 04:15 PM 106,496 CTOSS2K.SYS
12/19/2005 06:39 AM 1,458,263 CTRL.s3
01/10/2005 04:15 PM 138,752 CTSFM2K.SYS
05/25/2005 02:34 PM 158,464 CTUSFSYN.SYS
07/17/2004 09:55 PM 129,045 cxthsfs2.cty
08/17/2001 12:52 PM 179,584 dac2w2k.sys
08/17/2001 12:52 PM 14,720 dac960nt.sys
08/16/2005 03:22 AM disdn
04/13/2008 12:40 PM 36,352 disk.sys
04/13/2008 12:40 PM 14,208 diskdump.sys
08/25/2005 11:16 AM 5,628 DLACDBHM.SYS
08/25/2005 11:16 AM 22,684 DLARTL_N.SYS
04/13/2008 12:44 PM 799,744 dmboot.sys
04/13/2008 12:44 PM 153,344 dmio.sys
08/10/2004 04:00 AM 5,888 dmload.sys
04/13/2008 12:45 PM 52,864 dmusic.sys
08/17/2001 01:07 PM 20,192 dpti2o.sys
04/13/2008 12:45 PM 60,160 drmk.sys
04/13/2008 12:45 PM 2,944 drmkaud.sys
09/12/2005 02:30 AM 89,264 DRVMCDB.SYS
08/12/2005 04:20 AM 40,544 DRVNDDM.SYS
08/10/2004 04:00 AM 10,496 dxapi.sys
04/13/2008 12:38 PM 71,168 dxg.sys
08/10/2004 04:00 AM 3,328 dxgthk.sys
08/17/2001 11:12 AM 117,760 e100b325.sys
08/25/2005 11:05 AM 176,128 e1e5132.sys
02/09/2010 10:01 PM etc
04/13/2008 01:14 PM 143,744 fastfat.sys
04/13/2008 12:40 PM 27,392 fdc.sys
04/13/2008 12:33 PM 44,544 fips.sys
04/13/2008 12:40 PM 20,480 flpydisk.sys
04/13/2008 12:32 PM 129,792 fltmgr.sys
08/10/2004 04:00 AM 12,160 fsvga.sys
08/10/2004 04:00 AM 7,936 fs_rec.sys
08/17/2001 12:52 PM 125,056 ftdisk.sys
04/13/2008 12:36 PM 46,464 gagp30kx.sys
08/10/2004 04:00 AM 3,440,660 gm.dls
08/10/2004 04:00 AM 646 gmreadme.txt
04/13/2008 10:36 AM 144,384 hdaudbus.sys
08/12/2004 04:45 PM 113,664 Hdaudio.sys
04/13/2008 12:36 PM 20,352 hidbatt.sys
04/13/2008 12:46 PM 25,600 hidbth.sys
04/13/2008 12:45 PM 36,864 hidclass.sys
04/13/2008 12:45 PM 19,200 hidir.sys
04/13/2008 12:45 PM 24,960 hidparse.sys
04/13/2008 12:45 PM 10,368 hidusb.sys
08/17/2001 01:07 PM 25,952 hpn.sys
07/06/2005 01:50 PM 51,120 HPZid412.sys
07/06/2005 01:50 PM 16,496 HPZipr12.sys
07/06/2005 01:50 PM 21,744 HPZius12.sys
08/03/2004 09:41 PM 220,032 hsfbs2s2.sys
08/03/2004 09:41 PM 685,056 hsfcxts2.sys
08/03/2004 09:41 PM 1,041,536 hsfdpsp2.sys
10/20/2009 10:20 AM 265,728 http.sys
04/13/2008 12:41 PM 8,576 i2omgmt.sys
04/13/2008 12:41 PM 18,560 i2omp.sys
04/13/2008 01:18 PM 52,480 i8042prt.sys
06/17/2005 04:33 AM 872,064 iaStor.sys
04/13/2008 12:40 PM 42,112 imapi.sys
08/17/2001 12:52 PM 16,000 ini910u.sys
04/13/2008 12:40 PM 5,504 intelide.sys
04/13/2008 12:31 PM 36,352 intelppm.sys
04/13/2008 12:53 PM 36,608 ip6fw.sys
08/10/2004 04:00 AM 32,896 ipfltdrv.sys
04/13/2008 12:57 PM 20,864 ipinip.sys
04/13/2008 12:57 PM 152,832 ipnat.sys
04/13/2008 01:19 PM 75,264 ipsec.sys
05/18/2005 03:17 PM 19,456 iqvw32.sys
04/13/2008 12:45 PM 46,592 irbus.sys
04/13/2008 12:54 PM 11,264 irenum.sys
04/13/2008 12:36 PM 37,248 isapnp.sys
04/13/2008 12:39 PM 24,576 kbdclass.sys
04/13/2008 12:39 PM 14,592 kbdhid.sys
04/13/2008 12:45 PM 172,416 kmixer.sys
04/01/2009 10:45 AM 73,720 KmxAgent.sys
06/08/2009 11:02 AM 145,912 KmxCF.sys
04/01/2009 10:45 AM 205,304 KmxCfg.sys
02/11/2010 01:30 AM 510,028 kmxcfg.u2k0
02/11/2010 01:30 AM 272 kmxcfg.u2k1
02/11/2010 01:30 AM 64 kmxcfg.u2k2
02/11/2010 01:30 AM 64 kmxcfg.u2k3
02/11/2010 01:30 AM 64 kmxcfg.u2k4
02/11/2010 01:30 AM 64 kmxcfg.u2k5
02/11/2010 01:30 AM 64 kmxcfg.u2k6
02/11/2010 01:30 AM 64 kmxcfg.u2k7
04/28/2009 10:52 AM 55,288 KmxFile.sys
06/08/2009 11:02 AM 115,704 KmxFw.sys
03/27/2009 04:27 PM 58,872 KmxSbx.sys
06/08/2009 11:02 AM 108,024 KmxStart.sys
02/11/2010 01:30 AM 104 kmxzone.u2k0
02/11/2010 01:30 AM 104 kmxzone.u2k1
02/11/2010 01:30 AM 28 kmxzone.u2k2
02/11/2010 01:30 AM 28 kmxzone.u2k3
02/11/2010 01:30 AM 28 kmxzone.u2k4
02/11/2010 01:30 AM 28 kmxzone.u2k5
02/11/2010 01:30 AM 28 kmxzone.u2k6
02/11/2010 01:30 AM 28 kmxzone.u2k7
04/13/2008 01:16 PM 141,056 ks.sys
06/24/2009 05:18 AM 92,928 ksecdd.sys
02/14/2004 05:00 AM 1,038,848 LVSVF2.sys
05/27/2004 09:47 AM 19,968 LVUSBSta.sys
01/07/2010 04:07 PM 19,160 mbam.sys
01/07/2010 04:07 PM 38,224 mbamswissarmy.sys
08/10/2004 04:00 AM 7,680 mcd.sys
08/03/2004 09:41 PM 11,868 mdmxsdk.sys
04/13/2008 12:36 PM 63,744 mf.sys
08/10/2004 02:45 AM 11,008 mhndrv.sys
08/10/2004 04:00 AM 4,224 mnmdd.sys
04/13/2008 01:00 PM 30,080 modem.sys
08/17/2001 01:57 PM 16,128 MODEMCSA.sys
06/18/2007 08:18 PM 23,680 motmodem.sys
04/13/2008 12:39 PM 23,040 mouclass.sys
08/17/2001 12:48 PM 12,160 mouhid.sys
04/13/2008 12:39 PM 42,368 mountmgr.sys
04/13/2008 12:46 PM 15,232 mpe.sys
04/13/2008 12:39 PM 92,544 mqac.sys
08/17/2001 12:52 PM 17,280 mraid35x.sys
04/13/2008 12:32 PM 180,608 mrxdav.sys
12/04/2009 12:22 PM 455,424 mrxsmb.sys
04/13/2008 12:32 PM 19,072 msfs.sys
04/13/2008 12:56 PM 35,072 msgpc.sys
04/13/2008 12:39 PM 7,552 mskssrv.sys
04/13/2008 12:39 PM 5,376 mspclock.sys
04/13/2008 12:39 PM 4,992 mspqm.sys
04/13/2008 12:36 PM 15,488 mssmbios.sys
04/13/2008 12:39 PM 5,504 mstee.sys
08/03/2004 09:41 PM 126,686 mtlmnt5.sys
08/03/2004 09:41 PM 1,309,184 mtlstrm.sys
08/03/2004 09:29 PM 452,736 mtxparhm.sys
04/13/2008 01:17 PM 105,344 mup.sys
04/13/2008 12:43 PM 12,672 mutohpen.sys
04/13/2008 12:46 PM 85,248 nabtsfec.sys
04/13/2008 01:20 PM 182,656 ndis.sys
04/13/2008 12:46 PM 10,880 ndisip.sys
04/13/2008 12:57 PM 10,112 ndistapi.sys
04/13/2008 12:55 PM 14,592 ndisuio.sys
04/13/2008 01:20 PM 91,520 ndiswan.sys
04/13/2008 12:57 PM 40,576 ndproxy.sys
04/13/2008 12:56 PM 34,688 netbios.sys
04/13/2008 01:21 PM 162,816 netbt.sys
07/17/2004 10:35 AM 67,866 netwlan5.img
04/13/2008 12:51 PM 61,824 nic1394.sys
08/10/2004 04:00 AM 12,032 nikedrv.sys
04/13/2008 12:53 PM 40,320 nmnt.sys
04/13/2008 12:32 PM 30,848 npfs.sys
04/13/2008 01:15 PM 574,976 ntfs.sys
08/03/2004 09:41 PM 180,360 ntmtlfax.sys
08/10/2004 04:00 AM 2,944 null.sys
07/08/2005 03:57 PM 3,198,304 nv4_mini.sys
08/10/2004 04:00 AM 12,416 nwlnkflt.sys
08/10/2004 04:00 AM 32,512 nwlnkfwd.sys
04/13/2008 12:56 PM 88,320 nwlnkipx.sys
08/10/2004 04:00 AM 63,232 nwlnknb.sys
08/10/2004 04:00 AM 55,936 nwlnkspx.sys
04/13/2008 12:34 PM 163,584 nwrdr.sys
08/10/2004 04:00 AM 3,456 oprghdlr.sys
04/13/2008 12:31 PM 42,752 p3.sys
12/04/2007 05:10 PM 16,640 PalmUSBD.sys
04/13/2008 12:40 PM 80,128 parport.sys
04/13/2008 12:40 PM 19,712 partmgr.sys
08/10/2004 04:00 AM 6,784 parvdm.sys
04/13/2008 12:36 PM 68,224 pci.sys
08/17/2001 12:51 PM 3,328 pciide.sys
04/13/2008 12:40 PM 24,960 pciidex.sys
04/13/2008 12:36 PM 120,192 pcmcia.sys
08/17/2001 01:07 PM 27,296 perc2.sys
08/17/2001 01:07 PM 5,504 perc2hib.sys
12/22/2004 05:58 PM 8,704 PFMODNT.SYS
04/13/2008 01:19 PM 146,048 portcls.sys
04/13/2008 12:31 PM 35,840 processr.sys
04/13/2008 12:56 PM 69,120 psched.sys
08/10/2004 04:00 AM 17,792 ptilink.sys
05/01/2007 03:00 AM 43,528 pxhelp20.sys
08/17/2001 12:52 PM 40,320 ql1080.sys
08/17/2001 12:52 PM 33,152 ql10wnt.sys
08/17/2001 12:52 PM 45,312 ql12160.sys
08/17/2001 12:52 PM 40,448 ql1240.sys
08/17/2001 12:52 PM 49,024 ql1280.sys
08/10/2004 04:00 AM 8,832 rasacd.sys
04/13/2008 01:19 PM 51,328 rasl2tp.sys
04/13/2008 12:57 PM 41,472 raspppoe.sys
04/13/2008 01:19 PM 48,384 raspptp.sys
08/10/2004 04:00 AM 16,512 raspti.sys
08/10/2004 04:00 AM 34,432 rawwan.sys
04/13/2008 01:28 PM 175,744 rdbss.sys
08/10/2004 04:00 AM 4,224 rdpcdd.sys
04/13/2008 12:32 PM 196,224 rdpdr.sys
04/13/2008 06:13 PM 139,656 rdpwd.sys
08/03/2004 09:41 PM 13,776 recagent.sys
04/13/2008 12:40 PM 57,600 redbook.sys
04/13/2008 12:46 PM 59,136 rfcomm.sys
01/09/2009 04:18 PM 27,136 RimSerial.sys
05/20/2008 07:33 PM 22,784 RimUsb.sys
08/10/2004 04:00 AM 12,032 rio8drv.sys
08/10/2004 04:00 AM 12,032 riodrv.sys
05/08/2008 08:02 AM 203,136 rmcast.sys
04/13/2008 12:56 PM 30,592 rndismp.sys
04/13/2008 12:56 PM 30,592 rndismpx.sys
08/10/2004 04:00 AM 5,888 rootmdm.sys
08/03/2004 09:29 PM 166,912 s3gnbm.sys
04/13/2008 12:40 PM 96,384 scsiport.sys
04/13/2008 12:36 PM 79,232 sdbus.sys
11/13/2007 04:25 AM 20,480 secdrv.sys
04/13/2008 12:40 PM 15,744 serenum.sys
04/13/2008 01:15 PM 64,512 serial.sys
04/13/2008 12:40 PM 11,904 sffdisk.sys
04/13/2008 12:40 PM 10,240 sffp_mmc.sys
04/13/2008 12:40 PM 11,008 sffp_sd.sys
04/13/2008 12:40 PM 11,392 sfloppy.sys
03/25/2005 08:11 AM 1,350,272 sigfilt.sys
04/13/2008 06:12 PM 3,901 siint5.dll
04/13/2008 12:36 PM 40,960 sisagp.sys
04/13/2008 12:46 PM 11,136 slip.sys
08/03/2004 09:41 PM 129,535 slnt7554.sys
08/03/2004 09:41 PM 404,990 slntamr.sys
08/03/2004 09:41 PM 95,424 slnthal.sys
08/03/2004 09:41 PM 13,240 slwdmsup.sys
04/13/2008 12:36 PM 5,888 smbali.sys
08/10/2004 04:00 AM 14,592 smclib.sys
04/13/2008 12:46 PM 25,344 sonydcam.sys
08/17/2001 01:07 PM 19,072 sparrow.sys
04/13/2008 12:45 PM 6,272 splitter.sys
04/13/2008 12:36 PM 73,472 sr.sys
12/31/2009 10:50 AM 353,792 srv.sys
06/06/2005 01:40 PM 180,736 sthda.sys
04/13/2008 12:45 PM 49,408 stream.sys
04/13/2008 12:46 PM 15,232 streamip.sys
04/13/2008 12:39 PM 4,352 swenum.sys
04/13/2008 12:45 PM 56,576 swmidi.sys
08/17/2001 01:07 PM 16,256 symc810.sys
08/17/2001 01:07 PM 32,640 symc8xx.sys
08/17/2001 01:07 PM 28,384 sym_hi.sys
08/17/2001 01:07 PM 30,688 sym_u3.sys
04/13/2008 01:15 PM 60,800 sysaudio.sys
04/13/2008 12:40 PM 14,976 tape.sys
06/20/2008 05:51 AM 361,600 tcpip.sys
06/20/2008 05:08 AM 225,856 tcpip6.sys
04/13/2008 01:00 PM 19,072 tdi.sys
04/13/2008 06:13 PM 12,040 tdpipe.sys
04/13/2008 06:13 PM 21,896 tdtcp.sys
04/13/2008 06:13 PM 40,840 termdd.sys
08/10/2004 04:00 AM 51,712 tosdvd.sys
08/17/2001 12:51 PM 4,992 toside.sys
08/10/2004 04:00 AM 21,376 tsbvcap.sys
04/13/2008 12:56 PM 12,288 tunmp.sys
04/13/2008 12:36 PM 44,672 uagp35.sys
04/13/2008 12:32 PM 66,048 udfs.sys
08/17/2001 12:52 PM 36,736 ultra.sys
12/25/2008 11:38 AM UMDF
04/13/2008 12:39 PM 384,768 update.sys
04/13/2008 12:56 PM 12,800 usb8023.sys
04/13/2008 12:56 PM 12,800 usb8023x.sys
04/13/2008 12:45 PM 60,032 usbaudio.sys
04/13/2008 12:45 PM 25,600 usbcamd.sys
04/13/2008 12:45 PM 25,728 usbcamd2.sys
04/13/2008 12:45 PM 32,128 usbccgp.sys
08/10/2004 04:00 AM 4,736 usbd.sys
04/13/2008 12:45 PM 30,208 usbehci.sys
04/13/2008 12:45 PM 59,520 usbhub.sys
04/13/2008 12:45 PM 15,872 usbintel.sys
04/13/2008 12:45 PM 143,872 usbport.sys
04/13/2008 12:47 PM 25,856 usbprint.sys
04/13/2008 12:45 PM 15,104 usbscan.sys
04/13/2008 12:45 PM 26,112 usbser.sys
04/13/2008 12:45 PM 26,368 usbstor.sys
04/13/2008 12:45 PM 20,608 usbuhci.sys
04/13/2008 12:46 PM 121,984 usbvideo.sys
04/13/2008 06:12 PM 11,325 vchnt5.dll
08/10/2004 04:00 AM 58,112 vdmindvd.sys
01/24/2010 01:07 PM 26,352 vet-filt.sys
01/24/2010 01:07 PM 21,104 vet-rec.sys
01/24/2010 01:07 PM 133,520 veteboot.sys
01/24/2010 01:07 PM 739,696 vetefile.sys
01/24/2010 01:07 PM 21,488 vetfddnt.sys
01/24/2010 01:07 PM 161,008 vetmonnt.sys
04/13/2008 12:44 PM 20,992 vga.sys
04/13/2008 12:36 PM 42,240 viaagp.sys
04/13/2008 12:40 PM 5,376 viaide.sys
04/13/2008 12:44 PM 81,664 videoprt.sys
04/13/2008 12:41 PM 52,352 volsnap.sys
04/13/2008 12:43 PM 14,208 wacompen.sys
08/03/2004 09:29 PM 11,807 wadv07nt.sys
08/03/2004 09:29 PM 11,295 wadv08nt.sys
08/03/2004 09:29 PM 11,871 wadv09nt.sys
08/03/2004 09:29 PM 11,935 wadv11nt.sys
04/13/2008 12:57 PM 34,560 wanarp.sys
08/03/2004 09:29 PM 22,271 watv06nt.sys
08/03/2004 09:29 PM 25,471 watv10nt.sys
06/14/2005 05:13 PM 104,576 wceusbsh.sys
11/02/2006 07:22 AM 492,000 wdf01000.sys
11/02/2006 07:22 AM 32,224 wdfldr.sys
04/13/2008 01:17 PM 83,072 wdmaud.sys
08/10/2004 04:00 AM 4,352 wmilib.sys
10/18/2006 08:00 PM 38,528 wpdusb.sys
08/10/2004 04:00 AM 12,032 ws2ifsl.sys
04/13/2008 12:46 PM 19,200 wstcodec.sys
09/28/2006 06:55 PM 77,568 WudfPf.sys
09/28/2006 07:00 PM 82,944 WudfRd.sys
389 File(s) 38,872,181 bytes

Directory of C:\Windows\System32\Drivers\disdn

08/16/2005 03:22 AM .
08/16/2005 03:22 AM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

02/09/2010 10:01 PM .
02/09/2010 10:01 PM ..
02/09/2010 10:01 PM 27 hosts
08/10/2004 04:00 AM 3,683 lmhosts.sam
08/10/2004 04:00 AM 407 networks
08/10/2004 04:00 AM 799 protocol
08/10/2004 04:00 AM 7,116 services
5 File(s) 12,032 bytes

Directory of C:\Windows\System32\Drivers\UMDF

12/25/2008 11:38 AM .
12/25/2008 11:38 AM ..
10/18/2006 09:47 PM 671,232 wpdmtpdr.dll
1 File(s) 671,232 bytes

Total Files Listed:
395 File(s) 39,555,445 bytes
11 Dir(s) 114,664,931,328 bytes free


***********************Hidden Drivers********************
Volume in drive C has no label.
Volume Serial Number is EC36-35CB

Directory of C:\Windows\System32\Drivers

12/27/2008 05:26 PM 0 MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
12/27/2008 05:26 PM 0 Msft_Kernel_motmodem_01005.Wdf
2 File(s) 0 bytes
0 Dir(s) 114,664,939,520 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 888 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 1188 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 1776 High C:\WINDOWS\system32\winlogon.exe
services.exe 1948 Normal C:\WINDOWS\system32\services.exe
lsass.exe 2024 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 1744 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1060 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1440 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1636 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 204 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 808 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 1388 Normal C:\WINDOWS\system32\spoolsv.exe
UmxCfg.exe 1508 Normal C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
UmxFwHlp.exe 1552 Normal C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
UmxPol.exe 472 Normal C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
UmxAgent.exe 664 Normal C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe 1852 Normal C:\WINDOWS\system32\svchost.exe
ISafe.exe 244 Normal C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
ccschedulersvc.exe 444 Normal C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
CTsvcCDA.exe 972 Normal C:\WINDOWS\system32\CTsvcCDA.exe
ehRecvr.exe 1312 Above Normal C:\WINDOWS\eHome\ehRecvr.exe
ehSched.exe 1528 Normal C:\WINDOWS\eHome\ehSched.exe
iaantmon.exe 1736 Normal C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
ITMRTSVC.exe 512 Normal C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
jqs.exe 1468 Idle C:\Program Files\Java\jre6\bin\jqs.exe
runservice.exe 552 Normal C:\WINDOWS\runservice.exe
nvsvc32.exe 2672 Normal C:\WINDOWS\system32\nvsvc32.exe
HPZipm12.exe 2780 Normal C:\WINDOWS\system32\HPZipm12.exe
ppped.exe 2856 Normal C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
PSIService.exe 3456 Normal C:\WINDOWS\system32\PSIService.exe
PsiService_2.exe 3668 Normal c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
Explorer.EXE 2792 Normal C:\WINDOWS\Explorer.EXE
capfsem.exe 644 Normal C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
svchost.exe 2616 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 3220 Normal C:\WINDOWS\system32\svchost.exe
TomTomHOMEService.exe 3964 Normal C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
VetMsg.exe 576 Normal C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
svcprs32.exe 2232 Normal C:\WINDOWS\system32\svcprs32.exe
mdmcls32.exe 2960 Normal C:\WINDOWS\system32\mdmcls32.exe
mcrdsvc.exe 2060 Normal C:\WINDOWS\ehome\mcrdsvc.exe
stsystra.exe 2708 Normal C:\WINDOWS\stsystra.exe
RealPlay.exe 3396 Normal C:\Program Files\Real\RealPlayer\RealPlay.exe
Rundll32.exe 3540 Normal C:\WINDOWS\system32\Rundll32.exe
LVCOMSX.EXE 2196 Normal C:\WINDOWS\system32\LVCOMSX.EXE
LogiTray.exe 2380 Normal C:\Program Files\Logitech\Video\LogiTray.exe
clclean.0001 3436 Normal C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\clclean.0001
iaanotif.exe 3560 Normal C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
HPWuSchd2.exe 1908 Normal C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
ehtray.exe 2284 Normal C:\WINDOWS\ehome\ehtray.exe
DMXLauncher.exe 2240 Normal C:\Program Files\Dell\Media Experience\DMXLauncher.exe
DLACTRLW.EXE 3036 Normal C:\WINDOWS\System32\DLA\DLACTRLW.EXE
CTSysVol.exe 3128 Normal C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
jusched.exe 3524 Normal C:\Program Files\Common Files\Java\Java Update\jusched.exe
boinctray.exe 3952 Normal C:\Program Files\BOINC\boinctray.exe
RIMAutoUpdate.exe 2084 Normal C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
casc.exe 3712 Normal C:\Program Files\CA\CA Internet Security Suite\casc.exe
cfgmng32.exe 832 Normal C:\WINDOWS\cfgmng32.exe
CAVRID.exe 4084 Normal C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
CAPPActiveProtection.exe 2124 Normal C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
QOELoader.exe 3060 Normal C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
capfasem.exe 3304 Below Normal C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
pppeuser.exe 2512 Normal C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
CTDetect.exe 4508 Normal C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
mdmcls32.exe 4636 Normal C:\WINDOWS\system32\mdmcls32.exe
wcescomm.exe 4880 Normal C:\Program Files\Microsoft ActiveSync\wcescomm.exe
isuspm.exe 5000 Normal C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
ctfmon.exe 5304 Normal C:\WINDOWS\system32\ctfmon.exe
rapimgr.exe 5492 Normal C:\PROGRA~1\MICROS~4\rapimgr.exe
dllhost.exe 5312 Normal C:\WINDOWS\system32\dllhost.exe
CreativeLicensing.exe 5204 Normal C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
ccprovsp.exe 5688 Normal C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PPCtlPriv.exe 6076 Normal C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
alg.exe 2720 Normal C:\WINDOWS\System32\alg.exe
mdmcls32.exe 612 Normal C:\WINDOWS\system32\mdmcls32.exe
ehmsas.exe 4320 Normal C:\WINDOWS\eHome\ehmsas.exe
agent.exe 4304 Normal C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
jqsnotify.exe 5892 Normal C:\Program Files\Java\jre6\bin\jqsnotify.exe
agent.exe 3272 Normal C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
agent.exe 6532 Normal C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
agent.exe 5060 Normal C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
agent.exe 3576 Normal C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
wscntfy.exe 7552 Normal C:\WINDOWS\system32\wscntfy.exe
cmd.exe 5024 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 8072 Normal C:\Documents and Settings\Steven Wilkins\My Documents\Downloads\SpiderKill\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(2792)
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINDOWS\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.5512 5.1.2600.5512
SHDOCVW.dll 7e290000 1511424 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.5875 (xpsp_sp3_gdr.090904-1413) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
NETAPI32.dll 5b860000 348160 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) Net Win32 API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
WININET.dll 3d930000 856064 C:\WINDOWS\system32\WININET.dll 7.00.6000.16981 (vista_gdr.091215-2244) Internet Extensions for Win32
Normaliz.dll 400000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
iertutil.dll 3dfd0000 282624 C:\WINDOWS\system32\iertutil.dll 7.00.6000.16981 (vista_gdr.091215-2244) Run time utility for Internet Explorer
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
USERENV.dll 769c0000 737280 C:\WINDOWS\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
LPK.DLL 629c0000 36864 C:\WINDOWS\system32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
USP10.dll 74d90000 438272 C:\WINDOWS\system32\USP10.dll 1.0420.2600.5512 (xpsp.080413-2105) Uniscribe Unicode script processor
UmxSbxExw.dll 5fe00000 114688 C:\WINDOWS\system32\UmxSbxExw.dll 6.0.2.93 User mode executive module helper DLL
UmxSbxw.dll 5ff00000 278528 C:\WINDOWS\system32\UmxSbxw.dll 6.0.2.93 User mode executive module DLL
psapi.dll 76bf0000 45056 C:\WINDOWS\system32\psapi.dll 5.1.2600.5512 (xpsp.080413-2105) Process Status Helper
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 6.0 (xpsp.080413-2105) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.080413-2105) Common Controls Library
serwvdrv.dll 5cd70000 28672 C:\WINDOWS\system32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver
umdmxfrm.dll 5b0a0000 28672 C:\WINDOWS\system32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Text Frame Work Service IME
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\system32\themeui.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
xpsp2res.dll 1110000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
CACheck.dll 10000000 151552 C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll 1.1.0.41 API interceptors
CAHook.dll 17b0000 176128 C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll 1.1.0.41 API interception library
CAServer.dll 1d00000 155648 C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll 1.1.0.41 eTrust PestPatrol Real-time component
MSVCP71.dll 7c3a0000 503808 C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCP71.dll 7.10.3077.0 Microsoft®️ C++ Runtime Library
MSVCR71.dll 7c340000 352256 C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCR71.dll 7.10.3052.4 Microsoft®️ C Runtime Library
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
msi.dll 7d1e0000 2867200 C:\WINDOWS\system32\msi.dll 3.1.4001.5512 Windows Installer
ieframe.dll 3e1c0000 6082560 C:\WINDOWS\system32\ieframe.dll 7.00.6000.16981 (vista_gdr.091215-2244) Internet Explorer
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
NETSHELL.dll 76400000 1724416 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3api.dll 478c0000 40960 C:\WINDOWS\system32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
dot3dlg.dll 736d0000 24576 C:\WINDOWS\system32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 C:\WINDOWS\system32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
eappcfg.dll 745b0000 139264 C:\WINDOWS\system32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
eappprxy.dll 5dcd0000 57344 C:\WINDOWS\system32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
CIDLinkAdvisor.dll 2400000 1425408 C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll 1.1.0.63 1.1.0.63
OLEACC.dll 74c80000 180224 C:\WINDOWS\system32\OLEACC.dll 4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
webcheck.dll 42e40000 245760 C:\WINDOWS\system32\webcheck.dll 7.00.6000.16981 (vista_gdr.091215-2244) Web Site Monitor
stobject.dll 76280000 135168 C:\WINDOWS\system32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
urlmon.dll 78130000 1212416 C:\WINDOWS\system32\urlmon.dll 7.00.6000.16981 (vista_gdr.091215-2244) OLE32 Extensions for Win32
WPDShServiceObj.dll 164a0000 143360 C:\WINDOWS\system32\WPDShServiceObj.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device Shell Service Object
WINHTTP.dll 4d4f0000 364544 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.5868 (xpsp_sp3_gdr.090824-1328) Windows HTTP Services
mydocs.dll 72410000 106496 C:\WINDOWS\system32\mydocs.dll 6.00.2900.5512 (xpsp.080413-2105) My Documents Folder UI
PortableDeviceTypes.dll 109c0000 180224 C:\WINDOWS\system32\PortableDeviceTypes.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device (Parameter) Types Component
PortableDeviceApi.dll 10930000 299008 C:\WINDOWS\system32\PortableDeviceApi.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device API Components
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.5512 (xpsp.080413-2105) Multi Language Support DLL
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft®️ Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 40960 C:\WINDOWS\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
MSCTF.dll 74720000 311296 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.5512 (xpsp.080413-2105) MSCTF Server DLL
QOEHook.dll 602f0000 90112 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOEHook.dll 7.0.0.517 QOEHook Dynamic Link Library
rsaenh.dll 68000000 221184 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
browselc.dll 71600000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
SXS.DLL 7e720000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.5512 (xpsp.080413-2105) Windows DirectUser Engine
MSVCR80.dll 3380000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll 8.00.50727.4053 Microsoft®️ C Runtime Library
ShellXP.dll 66270000 249856 c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll 14.0.0.701 Windows XP Shell Extension
FileInfoProvider.dll 65750000 606208 c:\Program Files\Common Files\Corel\Shared\Shell Extension\FileInfoProvider.dll 14.0.0.701 Windows XP Shell Extension
gdiplus.dll 4ec50000 1748992 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll 5.2.6001.22319 (vistasp1_ldr.081126-1506) Microsoft GDI+
PDFShell.dll 36d0000 372736 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 8.2.0.81 PDF Shell Extension
AcroIEHelper.dll 1790000 65536 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 8.2.0.81 Adobe PDF Helper for Internet Explorer
DLASHX_W.DLL 2990000 114688 C:\WINDOWS\System32\DLA\DLASHX_W.DLL 5.20.08a Drive Letter Access Component
DLAAPI_W.DLL 2af0000 61440 C:\WINDOWS\system32\DLAAPI_W.DLL 5.20.08a Drive Letter Access Component
DLACResW.dll 34b0000 241664 C:\WINDOWS\System32\DLA\DLACResW.dll 5.20.08a Drive Letter Access Component
zipfldr.dll 73380000 356352 C:\WINDOWS\system32\zipfldr.dll 6.00.2900.5512 (xpsp.080413-2105) Compressed (zipped) Folders
MSISIP.DLL 605f0000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4001.5512 MSI Signature SIP Provider
wshext.dll 7dfa0000 90112 C:\WINDOWS\system32\wshext.dll 5.7.0.18066 Microsoft (R) Shell Extension for Windows script Host



******************************************
EOF

Re: I have no idea. . .

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\windows\system32\drivers\KmxAgent.sys
    C:\windows\system32\drivers\KmxCF.sys
    C:\windows\system32\drivers\KmxCfg.sys
    C:\windows\system32\drivers\kmxcfg.u2k0
    C:\windows\system32\drivers\kmxcfg.u2k1
    C:\windows\system32\drivers\kmxcfg.u2k2
    C:\windows\system32\drivers\kmxcfg.u2k3
    C:\windows\system32\drivers\kmxcfg.u2k4
    C:\windows\system32\drivers\kmxcfg.u2k5
    C:\windows\system32\drivers\kmxcfg.u2k6
    C:\windows\system32\drivers\kmxcfg.u2k7
    C:\windows\system32\drivers\KmxFile.sys
    C:\windows\system32\drivers\KmxFw.sys
    C:\windows\system32\drivers\KmxSbx.sys
    C:\windows\system32\drivers\KmxStart.sys
    C:\windows\system32\drivers\kmxzone.u2k0
    C:\windows\system32\drivers\kmxzone.u2k1
    C:\windows\system32\drivers\kmxzone.u2k2
    C:\windows\system32\drivers\kmxzone.u2k3
    C:\windows\system32\drivers\kmxzone.u2k4
    C:\windows\system32\drivers\kmxzone.u2k5
    C:\windows\system32\drivers\kmxzone.u2k6
    C:\windows\system32\drivers\kmxzone.u2k7

    Driver::
    KmxAgent

  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: dragging CFScript.txt onto ComboFix.exe]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

Re: I have no idea. . .

ComboFix 10-02-09.03 - Steven Wilkins 02/13/2010 12:02:00.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1180 [GMT -6:00]
Running from: c:\documents and settings\Steven Wilkins\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Steven Wilkins\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

FILE ::
"c:\windows\system32\drivers\KmxAgent.sys"
"c:\windows\system32\drivers\KmxCF.sys"
"c:\windows\system32\drivers\KmxCfg.sys"
"c:\windows\system32\drivers\kmxcfg.u2k0"
"c:\windows\system32\drivers\kmxcfg.u2k1"
"c:\windows\system32\drivers\kmxcfg.u2k2"
"c:\windows\system32\drivers\kmxcfg.u2k3"
"c:\windows\system32\drivers\kmxcfg.u2k4"
"c:\windows\system32\drivers\kmxcfg.u2k5"
"c:\windows\system32\drivers\kmxcfg.u2k6"
"c:\windows\system32\drivers\kmxcfg.u2k7"
"c:\windows\system32\drivers\KmxFile.sys"
"c:\windows\system32\drivers\KmxFw.sys"
"c:\windows\system32\drivers\KmxSbx.sys"
"c:\windows\system32\drivers\KmxStart.sys"
"c:\windows\system32\drivers\kmxzone.u2k0"
"c:\windows\system32\drivers\kmxzone.u2k1"
"c:\windows\system32\drivers\kmxzone.u2k2"
"c:\windows\system32\drivers\kmxzone.u2k3"
"c:\windows\system32\drivers\kmxzone.u2k4"
"c:\windows\system32\drivers\kmxzone.u2k5"
"c:\windows\system32\drivers\kmxzone.u2k6"
"c:\windows\system32\drivers\kmxzone.u2k7"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\STEVEN~1\LOCALS~1\Temp\clclean.0001.dir.0001\~df394b.tmp
c:\documents and settings\Steven Wilkins\Local Settings\temp\clclean.0001.dir.0001\~df394b.tmp
c:\windows\system32\drivers\KmxAgent.sys
c:\windows\system32\drivers\KmxCF.sys
c:\windows\system32\drivers\KmxCfg.sys
c:\windows\system32\drivers\kmxcfg.u2k0
c:\windows\system32\drivers\kmxcfg.u2k1
c:\windows\system32\drivers\kmxcfg.u2k2
c:\windows\system32\drivers\kmxcfg.u2k3
c:\windows\system32\drivers\kmxcfg.u2k4
c:\windows\system32\drivers\kmxcfg.u2k5
c:\windows\system32\drivers\kmxcfg.u2k6
c:\windows\system32\drivers\kmxcfg.u2k7
c:\windows\system32\drivers\KmxFile.sys
c:\windows\system32\drivers\KmxFw.sys
c:\windows\system32\drivers\KmxSbx.sys
c:\windows\system32\drivers\KmxStart.sys
c:\windows\system32\drivers\kmxzone.u2k0
c:\windows\system32\drivers\kmxzone.u2k1
c:\windows\system32\drivers\kmxzone.u2k2
c:\windows\system32\drivers\kmxzone.u2k3
c:\windows\system32\drivers\kmxzone.u2k4
c:\windows\system32\drivers\kmxzone.u2k5
c:\windows\system32\drivers\kmxzone.u2k6
c:\windows\system32\drivers\kmxzone.u2k7

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KMXAGENT
-------\Service_KmxAgent
-------\Legacy_KmxCF
-------\Legacy_KmxCfg
-------\Legacy_KmxFile
-------\Legacy_KmxFw
-------\Legacy_KmxSbx
-------\Legacy_KmxStart
-------\Service_KmxCF
-------\Service_KmxCfg
-------\Service_KmxFile
-------\Service_KmxFw
-------\Service_KmxSbx
-------\Service_KmxStart


((((((((((((((((((((((((( Files Created from 2010-01-13 to 2010-02-13 )))))))))))))))))))))))))))))))
.

2010-02-05 18:18 . 2010-02-05 18:18 -------- d-----w- c:\program files\ESET
2010-02-05 16:55 . 2010-02-05 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-05 16:55 . 2010-02-10 21:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-28 00:27 . 2010-01-28 00:27 503808 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55dcdc56-n\msvcp71.dll
2010-01-28 00:27 . 2010-01-28 00:27 348160 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55dcdc56-n\msvcr71.dll
2010-01-28 00:27 . 2010-01-28 00:27 499712 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55dcdc56-n\jmc.dll
2010-01-28 00:27 . 2010-01-28 00:27 61440 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-598350f7-n\decora-sse.dll
2010-01-28 00:27 . 2010-01-28 00:27 12800 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-598350f7-n\decora-d3d.dll
2010-01-24 19:10 . 2010-02-12 17:42 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\CallingID
2010-01-24 19:02 . 2010-01-24 19:20 -------- d-----w- c:\windows\rnapxs
2010-01-24 19:00 . 2009-07-30 15:37 111856 ----a-w- c:\windows\system32\wbem\canvprov.dll
2010-01-24 19:00 . 2010-01-24 19:03 -------- d-----w- c:\program files\CA
2010-01-24 18:49 . 2010-01-24 18:55 132441184 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\FD533F7A6C66623BF76127B06BC7FCF6.exe
2010-01-17 03:26 . 2010-01-17 03:26 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\GamersDigital
2010-01-17 03:26 . 2010-01-17 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\GamersDigital

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 18:20 . 2009-11-26 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BOINC
2010-02-13 18:18 . 2006-06-24 04:45 -------- d-----w- c:\program files\CyberPower PowerPanel Personal Edition
2010-02-13 18:17 . 2008-07-13 15:53 849 --sha-w- c:\windows\system32\mmf.sys
2010-02-09 22:31 . 2006-06-13 04:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-09 22:31 . 2006-06-15 02:55 -------- d-----w- c:\program files\Logitech
2010-02-09 22:24 . 2009-12-21 19:46 -------- d-----w- c:\program files\DivX
2010-02-08 20:00 . 2006-06-18 00:20 6268 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-08 19:56 . 2007-10-01 17:52 56 --sh--r- c:\windows\system32\4326BF1B47.sys
2010-02-05 04:40 . 2010-01-10 16:32 88 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\1\libfftw3f-3-1-1a_upx.dll
2010-02-05 04:40 . 2010-01-10 16:32 100 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\1\setiathome_6.03_windows_intelx86.exe
2010-02-05 04:12 . 2008-11-11 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-05 04:11 . 2009-02-07 04:52 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-03 03:45 . 2009-07-14 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-28 00:27 . 2006-06-13 04:24 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 00:27 . 2006-06-13 04:24 -------- d-----w- c:\program files\Java
2010-01-24 19:07 . 2010-01-24 19:03 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys
2010-01-24 19:07 . 2010-01-24 19:03 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2010-01-24 19:07 . 2010-01-24 19:03 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2010-01-24 19:07 . 2010-01-24 19:03 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2010-01-24 19:07 . 2010-01-24 19:03 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2010-01-24 19:07 . 2010-01-24 19:03 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys
2010-01-24 19:07 . 2010-01-24 19:03 111856 ----a-w- c:\windows\system32\isafprod.dll
2010-01-24 19:03 . 2010-01-24 19:03 -------- d-----w- c:\program files\ISSThirdParty
2010-01-24 19:03 . 2010-01-24 19:03 -------- d-----w- c:\program files\Common Files\Scanner
2010-01-24 19:03 . 2010-01-24 19:03 4747264 ----a-w- c:\windows\system32\win32cpr.dll
2010-01-24 19:03 . 2010-01-24 19:03 1867776 ----a-w- c:\windows\system32\winsflt.dll
2010-01-24 18:49 . 2007-08-28 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2010-01-24 18:23 . 2009-11-05 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-24 01:24 . 2010-01-10 16:32 88 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\libfftw3f-3-1-1a_upx.dll
2010-01-24 01:24 . 2010-01-10 16:32 100 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\setiathome_6.03_windows_intelx86.exe
2010-01-21 01:20 . 2009-12-19 06:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 17:51 . 2009-11-09 21:20 0 ----a-w- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\prvlcl.dat
2010-01-17 23:29 . 2007-09-17 18:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-14 19:52 . 2006-06-16 16:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 17:37 . 2010-01-09 01:34 256 ----a-w- c:\windows\system32\pool.bin
2010-01-12 01:16 . 2006-06-18 00:20 88 -csh--r- c:\windows\system32\471BBF2643.sys
2010-01-12 01:02 . 2010-01-12 01:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel Photo Album
2010-01-12 01:02 . 2009-01-17 23:26 100520 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-12 00:59 . 2006-07-11 23:32 -------- d-----w- c:\program files\Yahoo!
2010-01-12 00:53 . 2006-07-11 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-01-12 00:51 . 2006-06-13 04:33 -------- d-----w- c:\program files\Common Files\AOL
2010-01-10 16:54 . 2010-01-09 01:33 -------- d-----w- c:\program files\Research In Motion
2010-01-10 16:54 . 2010-01-09 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-01-10 16:52 . 2006-06-18 00:23 100520 ----a-w- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-10 16:52 . 2010-01-09 01:34 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Research In Motion
2010-01-10 16:42 . 2010-01-10 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-01-10 16:41 . 2010-01-10 16:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2010-01-10 16:41 . 2010-01-10 16:41 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Roxio
2010-01-10 04:46 . 2010-01-10 04:46 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\acccore
2010-01-10 04:46 . 2010-01-10 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-01-10 03:55 . 2010-01-10 03:55 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\InstallShield
2010-01-10 03:55 . 2006-06-13 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-01-10 03:53 . 2006-06-13 04:29 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-01-10 03:52 . 2006-06-13 04:40 -------- d-----w- c:\program files\Roxio
2010-01-09 01:33 . 2010-01-09 01:33 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-01-07 22:07 . 2008-11-11 19:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2008-11-11 19:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2005-08-16 09:18 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2005-08-16 09:18 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-24 16:51 . 2009-12-24 16:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2009-12-23 23:02 . 2009-12-23 22:59 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Virtual City
2009-12-23 18:19 . 2008-06-05 21:03 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\gtk-2.0
2009-12-20 20:28 . 2009-12-20 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-12-20 20:26 . 2009-12-20 20:26 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\TomTom
2009-12-20 20:26 . 2009-12-20 20:26 -------- d-----w- c:\program files\TomTom International B.V
2009-12-20 20:26 . 2009-12-20 20:26 -------- d-----w- c:\program files\TomTom HOME 2
2009-12-20 00:00 . 2009-12-20 00:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-17 23:14 . 2009-01-11 16:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2005-08-16 09:37 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 17:05 . 2009-12-16 17:04 -------- d-----w- c:\program files\QuickTime
2009-12-16 17:04 . 2009-12-16 17:01 -------- d-----w- c:\program files\Kodak
2009-12-16 17:03 . 2009-12-16 17:03 -------- d-----w- c:\program files\Common Files\Kodak
2009-12-16 17:02 . 2009-12-16 17:02 11572208 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\QUICK\QuickTimeInstaller.exe
2009-12-16 17:02 . 2009-12-16 17:02 163840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\KDEVICES\CR2\cr_stop.exe
2009-12-16 17:02 . 2009-12-16 17:02 69632 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\KSUStop.exe
2009-12-16 17:02 . 2009-12-16 17:02 167936 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\CCS\CCSStop.exe
2009-12-16 17:01 . 2009-12-16 17:01 401408 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_9f2af6a\EasyShrx.Dll
2009-12-16 17:01 . 2009-12-16 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-12-14 07:08 . 2005-08-16 09:18 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 00:22 . 2008-09-14 23:37 1304 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-12-04 18:22 . 2005-08-16 09:18 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-28 18:03 . 2009-11-28 18:03 448600 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\libfftw3f-3-1-1a_upx.dll
2009-11-28 18:03 . 2009-11-28 18:03 406016 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
2009-11-28 18:03 . 2009-11-28 18:03 267776 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\setigraphics_6.03_windows_intelx86.exe
2009-11-27 17:11 . 2005-08-16 09:18 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 05:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2005-08-16 09:18 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2005-08-16 09:18 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2005-08-16 09:18 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 05:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2005-08-16 09:18 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-12-29 04:05 . 2008-12-29 04:05 434 ----a-w- c:\program files\ryfrcsa.txt
2008-07-07 00:28 . 2008-07-07 00:28 0 ----a-w- c:\program files\temp01
2006-06-24 16:03 . 2006-06-24 16:03 251 -c--a-w- c:\program files\wt3d.ini
2009-02-22 00:12 . 2009-01-25 19:08 88 --sh--r- c:\windows\system32\7996F5D1F8.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2005-10-24 262144]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-06-13 26112]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-22 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-11-06 4793088]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2009-11-06 58112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-16 77824]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2010-01-24 374000]
"dvHighMem"="c:\windows\cfgmng32.exe" [2009-06-01 10940416]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2010-01-24 271600]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2010-01-24 333040]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe" [2010-01-24 14064]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-07-16 636144]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-07-16 337136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2009-06-23 1422776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2009-03-27 22:27 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\UmxSbxExw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\windows\system32\ijebmevd.exe c:\windows\system32\ijebmevd.exe:changelist\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R?2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [6/15/2009 11:32 AM 760664]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [1/24/2010 1:00 PM 128240]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/13/2008 9:53 AM 2560]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 5:31 AM 92008]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [1/24/2010 1:03 PM 1400832]
S0 stlntbm;stlntbm;c:\windows\system32\drivers\idfda.sys --> c:\windows\system32\drivers\idfda.sys [?]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [4/1/2009 10:45 AM 875000]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [4/1/2009 10:45 AM 207352]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [1/24/2010 1:03 PM 222448]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:officia
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: neopets.com\www
FF - ProfilePath - c:\documents and settings\Steven Wilkins\Application Data\Mozilla\Firefox\Profiles\180nqnda.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.simalo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=0HZ2lRXV&q=
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogIe
FF - user.js: keyword.URL - hxxp://www.simalo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=0HZ2lRXV&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 12:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-68032846-1058140136-4283777642-1005\Software\SecuROM\License information*]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0\FD1E79A92259B5BC6F3673C7C70B3F80]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1716)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(1964)
c:\windows\system32\winsflt.dll

- - - - - - - > 'explorer.exe'(5784)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\stsystra.exe
c:\windows\system32\Rundll32.exe
c:\docume~1\STEVEN~1\LOCALS~1\Temp\clclean.0001
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\windows\system32\mdmcls32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\CyberPower PowerPanel Personal Edition\ppped.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
c:\windows\system32\mdmcls32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2010-02-13 12:23:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-13 18:22
ComboFix2.txt 2010-02-10 04:10
ComboFix3.txt 2010-02-03 19:04
ComboFix4.txt 2009-02-07 04:46
ComboFix5.txt 2010-02-13 18:00

Pre-Run: 114,651,607,040 bytes free
Post-Run: 114,799,845,376 bytes free

- - End Of File - - 822D41B002FE1FF233ADA67E0C394414

Re: I have no idea. . .

After the scan, upon reboot, I'm being flooded with Windows Installer messages. One came up before my computer would even start. While it was shutting down after the scan, the following DLL initializations failed:

Catchme.cfxxe
NirCMD.cfxxe
PV.cfxxe

I can not keep up with all of the installer boxes, some of them have gone all the way through, but they do not say what they are trying to install. I'm going to have to shut down my computer and continue with this thread from a different computer.

Re: I have no idea. . .

Some updates. . .I have managed to stop the Windows Installer. My task manager finally pulled up and I was able to stop it. When bringing up Firefox to send this message, Firefox pulled up a page which said that my bookmarks and history system will not be functional. When my computer first started up a message came up that said "HipsCC: The feature you are trying to use is on a network resource that is unavailable. Enter alternate path to a folder containing the installation package hips_cc.msi"

This is the link to the page that firefox linked me to:
http://support.mozilla.com/en-US/kb/The+bookmarks+and+history+system+will+not+be+functional?style_mode=inproduct

My firewall is also not working anymore.

Re: I have no idea. . .

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: I have no idea. . .

Malwarebytes' Anti-Malware 1.44
Database version: 3739
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/14/2010 7:46:38 PM
mbam-log-2010-02-14 (19-46-38).txt

Scan type: Quick Scan
Objects scanned: 133604
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: I have no idea. . .

Another update: I uninstalled CA and installed Comodo and it picked up 36 infections. My WordPerfect seems to be working again, but Firefox is still not working properly, even after uninstalling it and re-installing it. It was acting this way during the short span of time when there was no protection on the computer, even though the message says the problem can be caused by some security software.

The full message is: "The bookmarks and history system will not be functional because one of Firefox's files is in use by another application. Some security software cause this problem." Then it gives the link that I put in the one post. Any idea what to do to remedy that situation?

Re: I have no idea. . .

The windows installers are still coming up every time windows starts up. The first one will pop up right when the screen that says "Windows is starting up" comes on. I don't know if this information will be useful or not, as I know every system is different and similar symptoms don't necessarily mean the same issue. . .

But my dad, who was the only person I know who opened up the strange email sent from my email address, is experiencing similar problems. The Windows Installer messages, the balloon popping up saying his anti-virus software is not working (though his, unlike mine, really wasn't active, and he said it would take a few times before he could get it working), and he's also been experiencing some of the other seemingly random things I have. He also said that neither his anti-virus nor Malwarebytes was picking anything up. All of the problems started after opening up the email, as all of my problems started around the time it was sent.

Also, I believe Comodo has found whatever problem was messing up my webcam. I was thinking maybe it was just a bug, as the particular webcam has notoriously buggy software. When we tried to uninstall it, it would not uninstall, and when I looked at my firewall log I saw that the camera was accessing the internet MANY times a day and I was not aware of it. I check my firewall log regularly, and that was something I had not seen before.

I found, in the list of quarantined files from Comodo, that there was one that had been in the webcam file. After it was quarantined, my camera started working normally and I was able to uninstall it without any problems.

I just want to keep you updated on the issues that seem to be fixed (for now) vs. the things that are still messing up. :)

Re: I have no idea. . .

Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Re: I have no idea. . .

Most of the things the GMER log came up with were COMODO related. The log is extremely large, and there are only a few things sprinkled here and there that I'm not sure if they belong with comodo or not. My computer has begun to crash again, something is sending the CPU usage up to 100%, though I'm not sure what it could be.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-17 17:32:55
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\pxldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB0F2DBDA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB0F2D1B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB0F2D840]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB0F2E35A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB0F2D09A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB0F2F06A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB0F2F302]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB0F2CC60]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB0F2DFC4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB0F2E174]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB0F2CA92]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB0F2ECEC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB0F2D43C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB0F2DA1C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB0F2C7C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB0F2D6CC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB0F2C93A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB0F2E720]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB0F2F648]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB0F2EA88]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB0F2DDC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB0F2EE9A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB0F2E520]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB0F2D3D6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB0F2D5C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB0F2CF64]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB0F2CE32]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F18 805047B4 4 Bytes JMP 6114B0F2
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB86F9360, 0x1DE5ED, 0xE8000020]
init C:\WINDOWS\system32\drivers\sigfilt.sys entry point in "init" section [0xB578BF80]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003B1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003B82B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003B1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003B19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 003B1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 003B1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003B18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003B1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003B19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 003B1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003B18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 003B1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003B4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003B81E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 003B19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 003B1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003B1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003B1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003B1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003B1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003B1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003B1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 003B1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 003B1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 003B1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 003B1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 003B1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 003B1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [B9, 83]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 003B1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 003B1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 003B1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 003B1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 003B1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 003B1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 003B1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 003B1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 003B1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 003B1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 003B1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 003B1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 003B1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 003B1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 003B1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003B7E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 003B1E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 003B1DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 003B1DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 003B1DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003B7BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[164] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 003B7D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[204] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] WININET.dll!InternetConnectA 3D94B0D2 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] WININET.dll!InternetConnectW 3D94C2C0 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[212] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] WININET.DLL!InternetConnectA 3D94B0D2 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[284] WININET.DLL!InternetConnectW 3D94C2C0 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[324] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[848] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1104] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1140] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1140] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1140] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1140] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1140] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1140] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1140] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1140] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

Re: I have no idea. . .
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}

Re: I have no idea. . .

.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1576] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[1648] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1732] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}

.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] WININET.dll!InternetConnectA 3D94B0D2 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] WININET.dll!InternetConnectW 3D94C2C0 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1780] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\stsystra.exe[1968] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}

Re: I have no idea. . .

.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2024] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] WININET.dll!InternetConnectA 3D94B0D2 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[2032] WININET.dll!InternetConnectW 3D94C2C0 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2040] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[2316] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\sys

Re: I have no idea. . .

.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2412] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[2448] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}

Re: I have no idea. . .

.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[2464] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[2476] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[2476] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[2476] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[2476] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[2476] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[2476] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[2476] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[2476] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[2476] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[2476] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[2476] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[2476] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

Re: I have no idea. . .
.text C:\WINDOWS\system32\nvsvc32.exe[2720] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[2720] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] shell32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] shell32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] shell32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[2828] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005F1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005F82B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005F18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 005F1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 005F19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 005F1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 005F1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 005F1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 005F18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 005F1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 005F19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 005F1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 005F18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 005F1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005F4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 005F81E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 005F19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005F1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005F1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005F1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005F1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005F1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 005F1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005F1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005F1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005F1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 005F1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 005F1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 005F1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 005F1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 005F1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 005F1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [DD, 83]
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 005F1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 005F1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 005F1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 005F1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 005F1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 005F1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 005F1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 005F1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 005F1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 005F1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005F1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 005F1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 005F1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PSIService.exe[2916] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 005F1640

Re: I have no idea. . .
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2972] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3004] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3020] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}

Re: I have no idea. . .
.text C:\WINDOWS\ehome\mcrdsvc.exe[3152] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3152] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3152] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3152] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3152] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3152] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3152] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3152] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3152] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}

Re: I have no idea. . .
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3928] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[10484] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[10876] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

Re: I have no idea. . .
Like I said, it was EXTREMELY long. If you want me to, I can go through it for you and pick out the things that are not (at least in name) COMODO related. I know it would be a tedious task and that you must be very busy, so I would be more than willing to help with it if you want me to.
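
The filtering offered above, picking out the GMER entries that are not attributed to COMODO, can be scripted. This is an added example, not part of the original thread: the sample lines are constructed in the format of the GMER 1.0.15 log posted here (process names, PIDs and addresses are placeholders), and the function names and the trusted-vendor list are assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample in the format of the GMER 1.0.15 log in this thread.
# Process names, PIDs and addresses are placeholders, not values from that log.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\example.exe[1234] ntdll.dll!NtCreateFile 7C900000 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\example.exe[1234] kernel32.dll!OpenFile 7C800000 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\example.exe[1234] kernel32.dll!OpenFile + 3 7C800003 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Some App\app.exe[5678] kernel32.dll!LoadLibraryA 7C800100 5 Bytes JMP 00A01000

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9D00000] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat A2D00000
"""

# Trailing "(description/vendor)" printed when the log names the owning module.
ATTRIB_RE = re.compile(r"\((?P<desc>[^()]*)/(?P<vendor>[^()/]+)\)\s*$")
# User-mode inline hook: process[pid], module!function, optional "+ offset".
TEXT_RE = re.compile(
    r"^\.text\s+(?P<subject>.+?\[\d+\])\s+(?P<target>\S+!\S+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s"
)
# Kernel import-table hook: driver[module!function].
IAT_RE = re.compile(r"^IAT\s+(?P<subject>.+?)\[(?P<target>[^\]]+)\]")
# Device-stack entries: driver object followed by device name.
DEVICE_RE = re.compile(
    r"^(?P<kind>AttachedDevice|Device)\s+(?P<subject>\S+)\s+(?P<target>\S+)"
)


@dataclass
class Entry:
    kind: str                # .text, IAT, AttachedDevice or Device
    subject: str             # process[pid] or driver that was modified
    target: str              # hooked function or device name
    vendor: Optional[str]    # vendor named in the log, None if no module is named
    inherited: bool = False  # True when the vendor came from the preceding line


def parse_gmer(log: str) -> List[Entry]:
    """Parse hook and device lines; section headers and other lines are skipped."""
    entries: List[Entry] = []
    for raw in log.splitlines():
        line = raw.strip()
        attrib = ATTRIB_RE.search(line)
        vendor = attrib.group("vendor").strip() if attrib else None
        text = TEXT_RE.match(line)
        if text:
            entry = Entry(".text", text["subject"], text["target"], vendor)
            prev = entries[-1] if entries else None
            # Assumption: a "+ N" line right after a hook on the same function
            # in the same process is the tail of that same patch, so it inherits
            # the attribution instead of showing up as an unknown hook.
            if (text["offset"] and vendor is None and prev is not None
                    and prev.kind == ".text" and prev.vendor
                    and (prev.subject, prev.target) == (entry.subject, entry.target)):
                entry.vendor, entry.inherited = prev.vendor, True
            entries.append(entry)
            continue
        other = IAT_RE.match(line) or DEVICE_RE.match(line)
        if other:
            kind = other.groupdict().get("kind") or "IAT"
            entries.append(Entry(kind, other["subject"], other["target"], vendor))
    return entries


def summarize(entries: List[Entry]) -> Counter:
    """Count entries per named vendor; entries with no module are grouped."""
    return Counter(e.vendor or "<unattributed>" for e in entries)


def needs_review(entries: List[Entry], trusted_vendors: Set[str]) -> List[Entry]:
    """Return entries that are unattributed or named to a vendor not in the set."""
    trusted = {v.lower() for v in trusted_vendors}
    # The vendor string is only the name printed in the log; a match lowers
    # review priority, it does not prove the module is benign.
    return [e for e in entries
            if e.vendor is None or e.vendor.lower() not in trusted]


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    print(summarize(parsed))
    for e in needs_review(parsed, {"COMODO"}):
        print(e.kind, e.subject, e.target, e.vendor or "<unattributed>")
```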

Re: I have no idea. . .

Download this << file >> & extract TDSSKiller.exe onto your Desktop

Then create this batch file to be placed next to TDSSKiller

=====

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

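Code:

@ECHO OFF
REM Run TDSSKiller with verbose logging (-v) to Logit.txt (-l) and wait for it to exit
START /WAIT TDSSKILLER.exe -l Logit.txt -v
REM Open the finished log in the default text viewer
START Logit.txt
REM Delete this batch file once it has run
del "%~f0"

Save this as fix.bat. Choose to "Save type as - All Files".
It should look like this: [image: Bat_icon]
Double click on fix.bat & allow it to run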

Post back to tell me what it says

Re: I have no idea. . .

Everything came back clean on it.

I forgot to add some more details about some of the recent goings-on with my computer. Remember I said that Firefox was not working correctly? This happened after a message had popped up asking me if I wanted to make it my default browser. I've always used Firefox and have for over a year, and I have never been asked to make it my default browser. I know I should have thought it was strange, but I wasn't thinking straight and clicked "OK". The problems started instantly. Before that, Internet Explorer was my default even though I never used it. Any time IE would try to open, my computer would freeze, until I switched the default to Firefox, in which case it doesn't freeze, but I get the message I posted earlier.

Also, one of the things that COMODO detected on both my computer and my dad's was something called Heur.pck.PKLITE32, and it was found in C:\windows\system32\drivers\ACEDRV05.sys. I know heuristic scanners can come up with false positives, so I was wondering what information you could give me on this before I go any further with it.

Re: I have no idea. . .

That file comes from a legit company out of Germany. (Protect Software GMBH)

They make software that contains that file. The disc they manufacture contains an anti-hacking component which protects the disc from infiltration.

See this site: http://www.protectdisc.com/index.php

========

Everything came back clean on it.

How do you know? Post the log, please.
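An added example, not part of the thread and not TDSSKiller's own code: a script that reads a verbose `-l Logit.txt -v` log and reports which driver files got a Clean verdict, which got any other verdict, which were processed but never received one, and whether a driver's dispatch table changed between dumps. The sample lines are constructed in the layout TDSSKiller 2.2.4 writes; `example.sys`, `other.sys`, the `Infected` string and the address `89AB0000` are assumptions made up for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample log (not real scan output). Only the line layout is
# taken from TDSSKiller 2.2.4; example.sys, other.sys, "Infected" and
# 89AB0000 are made-up stand-ins.
SAMPLE_LOG = r"""
14:37:17:921 3276 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:37:17:921 3276 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0
14:37:17:921 3276 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F
14:37:17:921 3276 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:37:17:953 3276 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
14:37:17:953 3276
14:37:17:953 3276 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:37:17:953 3276 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0
14:37:17:953 3276 DetectCureTDL3: IRP_MJ_READ : 89AB0000
14:37:17:968 3276 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\example.sys
14:37:17:984 3276 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\example.sys - Verdict: Infected
14:37:18:000 3276 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\other.sys
"""

# "<HH:MM:SS:mmm> <thread id> <function>: <message>"
LINE = re.compile(r"^\d\d:\d\d:\d\d:\d{3}\s+\d+\s+(\w+):\s*(.*)$")
DRIVER = re.compile(r"^DRIVER_OBJECT name: (\S+), Driver Name: (.+)$")
HANDLER = re.compile(r"^(IRP_MJ_\w+)\s*:\s*([0-9A-Fa-f]{8})$")
PROCESSING = re.compile(r"^Processing driver file: (.+)$")
VERDICT = re.compile(r"^(.+) - Verdict: (\S+)$")


def summarize(log_text):
    """Collect verdicts and dispatch tables from a verbose TDSSKiller log."""
    verdicts = defaultdict(set)   # driver file path -> verdict strings seen
    processed = set()             # every driver file the scan opened
    tables = defaultdict(dict)    # driver object name -> {IRP_MJ_x: handler}
    conflicts = []                # (driver, irp, first value, later value)
    current = None                # driver object whose table is being dumped

    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue              # banner, blank and free-text lines
        func, msg = m.group(1), m.group(2).strip()
        if func == "DetectCureTDL3":
            d, h = DRIVER.match(msg), HANDLER.match(msg)
            if d:
                current = d.group(1)
            elif h and current:
                irp, addr = h.group(1), h.group(2).upper()
                first = tables[current].setdefault(irp, addr)
                # The table is dumped once per device object; all dumps of
                # one driver object should show the same handler addresses.
                if first != addr:
                    conflicts.append((current, irp, first, addr))
        elif func == "TDL3_FileDetect":
            p, v = PROCESSING.match(msg), VERDICT.match(msg)
            if p:
                processed.add(p.group(1).lower())
            elif v:
                verdicts[v.group(1).lower()].add(v.group(2))

    return {
        "clean": sorted(p for p, vs in verdicts.items() if vs == {"Clean"}),
        "not_clean": sorted((p, v) for p, vs in verdicts.items()
                            for v in vs if v != "Clean"),
        "no_verdict": sorted(processed - set(verdicts)),
        "handler_conflicts": conflicts,
        "tables": dict(tables),
    }


def is_clean(summary):
    """True only when every processed file has a Clean verdict and nothing else is flagged."""
    return bool(summary["clean"]) and not (
        summary["not_clean"] or summary["no_verdict"] or summary["handler_conflicts"]
    )


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for key in ("clean", "not_clean", "no_verdict", "handler_conflicts"):
        print(key, "->", result[key])
    print("scan clean:", is_clean(result))
```

A log that stops before the last driver's verdict line, for example because the scan was interrupted, shows up under `no_verdict` rather than being counted as clean.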

Re: I have no idea. . .

Ok, thank you. I'll make sure to keep that in mind when running further scans.

I'm sorry, I didn't know you wanted the log, I thought you meant for me to tell you what the verdicts were. My mistake. . .I knew that seemed a little weird.

14:37:18:156 3276 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562
14:37:18:156 3276 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562
14:37:18:156 3276 TDL3_FileDetect: Processing driver: Disk
14:37:18:156 3276 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:37:18:156 3276 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:37:18:156 3276 TDL3_FileDetect: Processing driver: Disk
14:37:18:156 3276 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:37:18:156 3276 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:37:18:171 3276 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
14:37:18:171 3276
14:37:18:171 3276 DetectCureTDL3: DEVICE_OBJECT: 8A8CBC68
14:37:18:171 3276 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A8CBC68
14:37:18:171 3276 KLMD_ReadMem: Trying to ReadMemory 0x8A8CBC68[0x38]
14:37:18:171 3276 DetectCureTDL3: DRIVER_OBJECT: 8A8FC910
14:37:18:171 3276 KLMD_ReadMem: Trying to ReadMemory 0x8A8FC910[0xA8]
14:37:18:171 3276 KLMD_ReadMem: Trying to ReadMemory 0xE1939758[0x18]
14:37:18:171 3276 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562
14:37:18:171 3276 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562
14:37:18:171 3276 TDL3_FileDetect: Processing driver: Disk
14:37:18:171 3276 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:37:18:171 3276 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:37:18:187 3276 TDL3_FileDetect: Processing driver: Disk
14:37:18:187 3276 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:37:18:187 3276 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:37:18:203 3276 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
14:37:18:203 3276
14:37:18:203 3276 DetectCureTDL3: DEVICE_OBJECT: 8A90DAB8
14:37:18:203 3276 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A90DAB8
14:37:18:203 3276 DetectCureTDL3: DEVICE_OBJECT: 8A901030
14:37:18:203 3276 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A901030
14:37:18:203 3276 KLMD_ReadMem: Trying to ReadMemory 0x8A901030[0x38]
14:37:18:203 3276 DetectCureTDL3: DRIVER_OBJECT: 8A8FCA08
14:37:18:203 3276 KLMD_ReadMem: Trying to ReadMemory 0x8A8FCA08[0xA8]
14:37:18:203 3276 KLMD_ReadMem: Trying to ReadMemory 0xE101D8B0[0x1C]
14:37:18:203 3276 DetectCureTDL3: DRIVER_OBJECT name: \Driver\iastor, Driver Name: iastor
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_CREATE : B9E45142
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_CLOSE : B9E45142
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_READ : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_WRITE : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : B9E4884E
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : B9E48B10
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_POWER : B9E4D968
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : B9E4D9F4
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562
14:37:18:203 3276 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562
14:37:18:203 3276 TDL3_FileDetect: Processing driver: iastor
14:37:18:203 3276 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\iastor.sys
14:37:18:203 3276 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\iastor.sys
14:37:18:234 3276 TDL3_FileDetect: Processing driver: iastor
14:37:18:234 3276 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\iastor.sys
14:37:18:234 3276 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\iastor.sys
14:37:18:265 3276 TDL3_FileDetect: C:\WINDOWS\system32\drivers\iastor.sys - Verdict: Clean
14:37:18:265 3276
14:37:18:265 3276 Completed
14:37:18:265 3276
14:37:18:265 3276 Results:
14:37:18:265 3276 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
14:37:18:265 3276 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:37:18:265 3276 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:37:18:265 3276
14:37:18:281 3276 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
14:37:18:281 3276 UtilityDeinit: KLMD(ARK) unloaded successfully

Re: I have no idea. . .
Oh, I forgot. . .Should there be 2 of the PKlite32's? Or just one? Two were found, but only one was quarantined. Should I leave it there or take it out? The one was left alone and has not come up in any other scans.

Edit: And, I forgot again. . .I reinstalled Firefox and did not make it my default browser. It's working normally now.

Re: I have no idea. . .
Remove the one thing there.

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double-click the DDS icon and allow it to run.
  • A small box will open with an explanation of the tool. No input is needed; the scan is running.
  • Notepad will open with the results; click Yes to the Optional_Scan.
  • Please follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.

Re: I have no idea. . .
Nothing came up about an optional scan. The program shuts down after running the scan and the log pops up.

My computer has been running decently the last few days. The installer messages were getting so obnoxious, we had to do something just to get on the computer. You could shut them down with task manager, and they'd stop for a while, but they'd eventually come back. Only when they came back they would be different. They were no longer generic "Windows installer-Preparing to install". They would take the name of whatever program happened to be running at the time. They would not start up when any program would start up, only a few. The message would only change slightly. . .say, if I were browsing through a Sonic file, they would come up "Windows Installer- Sonic- Preparing to install". But they would pop up in the same pattern as the generic installer messages. They have a very distinct pattern when they pop up, and I noticed this when the other messages would pop up. So, even if they had a name to them, I still believe they were from the same program that caused the generic ones.

So, we downloaded a program from Microsoft that allowed us to block the installer from working on programs that were already installed. It doesn't mess with updates or anything, they still work fine. Since we installed that program, all the installer messages have stopped, the generic ones and the named ones. I know whatever has caused all the problems my computer had is probably still there, but the symptoms have been patched up as of now. It may not have been the best solution to the installer problem, but it was the only thing we could think of to get our computer functioning properly enough to actually use so that we can try and figure out what the source problem actually is. It took us a while, which is why it took me so long to post back to you. I'm truly sorry for the wait.

Anyways, sorry for the ramble. . .here's the log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Steven Wilkins at 13:07:22.46 on Sun 02/21/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1404 [GMT -6:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ehome\EHTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Steven Wilkins\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:officia
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\cyberpower powerpanel personal edition\pppeuser.exe"
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.0.13)_Gecko/2009073022_Firefox/3.0.13_(.NET_CLR_3.5.30729)_FBSMTWB" -"http://www.nickjr.com/playtime/cats/games/little_bear/bear_dressup.jhtml"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: neopets.com\www
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.38.33/ttinst.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: {7EE43045-CC52-48A0-B43F-385AEA3C4517} = 156.154.70.22,156.154.71.22
AppInit_DLLs: c:\windows\system32\umxsbxexw.dll c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steven~1\applic~1\mozilla\firefox\profiles\z80lg0wk.default\
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-2-14 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-2-14 25160]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-2-14 723632]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2008-7-13 2560]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
S0 stlntbm;stlntbm;c:\windows\system32\drivers\idfda.sys --> c:\windows\system32\drivers\idfda.sys [?]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]

=============== Created Last 30 ================

2010-02-18 23:02:30 0 d-----w- c:\program files\Shockwave.com
2010-02-18 20:55:10 0 d-----w- c:\docume~1\alluse~1\applic~1\rionix
2010-02-18 20:53:49 0 d-----w- c:\program files\Oberon Media
2010-02-18 02:59:39 0 d-----w- c:\program files\CCleaner
2010-02-16 03:38:08 0 d-----w- c:\program files\Windows Installer Clean Up
2010-02-16 03:37:52 0 d-----w- c:\program files\MSECACHE
2010-02-14 18:57:13 251 ----a-w- c:\windows\cfplogvw.INI
2010-02-14 17:25:46 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-02-14 17:20:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo
2010-02-14 17:20:51 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-14 17:20:51 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-14 17:20:51 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-14 17:20:48 0 d-----w- c:\program files\COMODO
2010-02-09 22:32:05 1904 ----a-w- c:\windows\_delis32.ini
2010-02-05 18:18:57 0 d-----w- c:\program files\ESET
2010-02-05 16:55:42 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-03 18:47:33 77312 ----a-w- c:\windows\MBR.exe
2010-02-03 18:47:32 261632 ----a-w- c:\windows\PEV.exe
2010-01-24 19:02:56 0 d-----w- c:\windows\rnapxs
2010-01-24 19:00:29 18018 ----a-w- c:\windows\system32\entitlement.xml

==================== Find3M ====================

2010-02-18 19:53:26 6268 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:33:06 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-12-17 23:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2009-02-22 00:12:44 88 --sh--r- c:\windows\system32\7996F5D1F8.sys
2008-09-06 04:41:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 13:07:54.12 ===============

Re: I have no idea. . .
I saw you got help last year at TSG: http://forums.techguy.org/malware-removal-hijackthis-logs/792249-several-different-malware-issues.html

No biggie. But, the helper did not have you delete this file: c:\windows\system32\7996F5D1F8.sys

=====

If you have ComboFix, please delete it and download a new copy.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: I have no idea. . .

Yes, that is where I went the last time I had a problem. I couldn't remember the name of the site. Is that file something that should have been deleted at that time? Here is the ComboFix log.

ComboFix 10-02-24.01 - Steven Wilkins 02/24/2010 18:24:44.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1395 [GMT -6:00]
Running from: c:\documents and settings\Steven Wilkins\My Documents\Downloads\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Steven Wilkins\My Documents\cc_20100217_210402.reg

----- BITS: Possible infected sites -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-25 00:00 . 2010-02-25 00:00 -------- d-----w- c:\windows\LastGood
2010-02-23 17:03 . 2010-02-24 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-02-18 23:02 . 2010-02-25 00:17 -------- d-----w- c:\program files\Shockwave.com
2010-02-18 20:55 . 2010-02-18 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\rionix
2010-02-18 02:59 . 2010-02-18 02:59 -------- d-----w- c:\program files\CCleaner
2010-02-16 03:38 . 2010-02-16 03:38 3584 ----a-r- c:\documents and settings\Steven Wilkins\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-02-16 03:38 . 2010-02-16 03:38 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-02-16 03:37 . 2010-02-16 03:37 -------- d-----w- c:\program files\MSECACHE
2010-02-14 17:25 . 2010-02-15 02:42 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-02-14 17:20 . 2010-02-14 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-02-14 17:20 . 2010-02-14 17:20 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-14 17:20 . 2010-02-14 17:20 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-14 17:20 . 2010-02-14 17:20 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-14 17:20 . 2010-02-14 17:20 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-14 17:20 . 2010-02-14 17:20 -------- d-----w- c:\program files\COMODO
2010-02-05 18:18 . 2010-02-05 18:18 -------- d-----w- c:\program files\ESET
2010-02-05 16:55 . 2010-02-05 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-28 00:27 . 2010-01-28 00:27 503808 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55dcdc56-n\msvcp71.dll
2010-01-28 00:27 . 2010-01-28 00:27 348160 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55dcdc56-n\msvcr71.dll
2010-01-28 00:27 . 2010-01-28 00:27 499712 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55dcdc56-n\jmc.dll
2010-01-28 00:27 . 2010-01-28 00:27 61440 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-598350f7-n\decora-sse.dll
2010-01-28 00:27 . 2010-01-28 00:27 12800 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-598350f7-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 00:17 . 2007-09-17 18:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-24 17:36 . 2007-09-06 14:39 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\PlayFirst
2010-02-24 17:36 . 2007-09-06 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-02-24 11:42 . 2006-06-24 04:45 -------- d-----w- c:\program files\CyberPower PowerPanel Personal Edition
2010-02-23 17:20 . 2009-03-05 21:22 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Boomzap
2010-02-18 19:53 . 2007-10-01 17:52 56 --sh--r- c:\windows\system32\4326BF1B47.sys
2010-02-18 19:53 . 2006-06-18 00:20 6268 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-18 03:07 . 2008-07-13 15:53 849 --sha-w- c:\windows\system32\mmf.sys
2010-02-17 23:33 . 2006-06-18 00:23 85072 ----a-w- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-15 02:34 . 2006-06-15 02:55 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-15 02:30 . 2006-06-13 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
2010-02-15 02:28 . 2010-01-10 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-02-15 02:28 . 2006-06-13 04:40 -------- d-----w- c:\program files\Roxio
2010-02-15 02:28 . 2006-06-13 04:29 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-02-15 02:28 . 2006-06-13 04:29 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-02-15 02:25 . 2010-01-09 01:34 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Research In Motion
2010-02-15 02:25 . 2010-01-09 01:33 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-02-15 01:19 . 2009-11-26 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BOINC
2010-02-14 02:44 . 2010-01-10 16:32 88 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\libfftw3f-3-1-1a_upx.dll
2010-02-14 02:44 . 2010-01-10 16:32 100 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\setiathome_6.03_windows_intelx86.exe
2010-02-09 22:31 . 2006-06-13 04:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-05 04:40 . 2010-01-10 16:32 88 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\1\libfftw3f-3-1-1a_upx.dll
2010-02-05 04:40 . 2010-01-10 16:32 100 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\1\setiathome_6.03_windows_intelx86.exe
2010-02-05 04:12 . 2008-11-11 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-05 04:11 . 2009-02-07 04:52 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-03 03:45 . 2009-07-14 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-28 00:27 . 2006-06-13 04:24 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 00:27 . 2006-06-13 04:24 -------- d-----w- c:\program files\Java
2010-01-24 18:23 . 2009-11-05 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-18 17:51 . 2009-11-09 21:20 0 ----a-w- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\prvlcl.dat
2010-01-17 03:26 . 2010-01-17 03:26 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\GamersDigital
2010-01-17 03:26 . 2010-01-17 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\GamersDigital
2010-01-14 19:52 . 2006-06-16 16:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 17:37 . 2010-01-09 01:34 256 ----a-w- c:\windows\system32\pool.bin
2010-01-12 01:16 . 2006-06-18 00:20 88 -csh--r- c:\windows\system32\471BBF2643.sys
2010-01-12 01:02 . 2010-01-12 01:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel Photo Album
2010-01-12 01:02 . 2009-01-17 23:26 100520 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-12 00:59 . 2006-07-11 23:32 -------- d-----w- c:\program files\Yahoo!
2010-01-12 00:53 . 2006-07-11 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-01-12 00:51 . 2006-06-13 04:33 -------- d-----w- c:\program files\Common Files\AOL
2010-01-10 16:41 . 2010-01-10 16:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2010-01-10 16:41 . 2010-01-10 16:41 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Roxio
2010-01-10 04:46 . 2010-01-10 04:46 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\acccore
2010-01-10 04:46 . 2010-01-10 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-01-10 03:55 . 2010-01-10 03:55 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\InstallShield
2010-01-10 03:55 . 2006-06-13 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-01-07 22:07 . 2008-11-11 19:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2008-11-11 19:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2005-08-16 09:18 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2005-08-16 09:18 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 23:14 . 2009-01-11 16:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2005-08-16 09:37 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 17:02 . 2009-12-16 17:02 11572208 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\QUICK\QuickTimeInstaller.exe
2009-12-16 17:02 . 2009-12-16 17:02 163840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\KDEVICES\CR2\cr_stop.exe
2009-12-16 17:02 . 2009-12-16 17:02 69632 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\KSUStop.exe
2009-12-16 17:02 . 2009-12-16 17:02 167936 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\CCS\CCSStop.exe
2009-12-16 17:01 . 2009-12-16 17:01 401408 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_9f2af6a\EasyShrx.Dll
2009-12-14 07:08 . 2005-08-16 09:18 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 00:22 . 2008-09-14 23:37 1304 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-12-08 19:26 . 2005-08-16 09:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 03:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2005-08-16 09:18 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-28 18:03 . 2009-11-28 18:03 448600 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\libfftw3f-3-1-1a_upx.dll
2009-11-28 18:03 . 2009-11-28 18:03 406016 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
2009-11-28 18:03 . 2009-11-28 18:03 267776 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\setigraphics_6.03_windows_intelx86.exe
2009-11-27 17:11 . 2005-08-16 09:18 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 05:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2005-08-16 09:18 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2005-08-16 09:18 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2005-08-16 09:18 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 05:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-02-22 00:12 . 2009-01-25 19:08 88 --sh--r- c:\windows\system32\7996F5D1F8.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2005-10-24 262144]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-14 1800464]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\windows\system32\ijebmevd.exe c:\windows\system32\ijebmevd.exe:changelist\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-06-13 04:34 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2005-09-19 12:42 1159168 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2/14/2010 11:20 AM 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2/14/2010 11:20 AM 25160]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 5:31 AM 92008]
S0 stlntbm;stlntbm;c:\windows\system32\drivers\idfda.sys --> c:\windows\system32\drivers\idfda.sys [?]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/13/2008 9:53 AM 2560]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD21
*Deregistered* - klmd21
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:officia
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: neopets.com\www
TCP: {7EE43045-CC52-48A0-B43F-385AEA3C4517} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\Steven Wilkins\Application Data\Mozilla\Firefox\Profiles\z80lg0wk.default\
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-BFG-Awakening - The Dreamless Castle - c:\program files\Awakening - The Dreamless Castle\Uninstall.exe
AddRemove-BFGC - c:\program files\bfgclient\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-24 18:29
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-68032846-1058140136-4283777642-1005\Software\SecuROM\License information*]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0\FD1E79A92259B5BC6F3673C7C70B3F80]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\guard32.dll
.
Completion time: 2010-02-24 18:32:02
ComboFix-quarantined-files.txt 2010-02-25 00:31
ComboFix2.txt 2010-02-13 18:23
ComboFix3.txt 2010-02-10 04:10
ComboFix4.txt 2010-02-03 19:04
ComboFix5.txt 2010-02-25 00:24

Pre-Run: 119,706,308,608 bytes free
Post-Run: 119,660,023,808 bytes free

- - End Of File - - 4B6DCDD04E9C67527C73CDBC7D9EFA42
