

Strange traffic and behavior of laptop on network


  • This topic is locked
19 replies to this topic

#1 kbeng

kbeng

  • Members
  • 9 posts

Posted 28 June 2010 - 01:06 PM

I have a laptop on my network that is constantly connecting to a server on our network and out to a private IP (174.16.x.x) out in the internet. This activity triggers event ID 565 on our server up to around 100 events per sec. The laptop is active when not in use and at odd times of the evening and weekends if left on. I have since banned that laptop's internet access and access to that IP in my firewall. Nod32 Smart security 4 is installed and updated daily. After the odd behavior I updated Malwarebytes and ran a scan with no results. Then I loaded Comodo Firewall Plus and it has not picked up anything. I just ran a Hijackthis scan and will post my results below. For the life of me I cannot pin down what this is or even if I should be concerned?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:35:32 AM, on 6/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
F:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://mercury/connectcomputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1247087844414
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1247253267980
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/...veX_Control.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KBeng.local
O17 - HKLM\Software\..\Telephony: DomainName = KBeng.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KBeng.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca050042914afc) (gupdate1ca050042914afc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

--
End of file - 11719 bytes

EDIT: Moved from XP to Malware Removal Logs forum ~ Hamluis.

Edited by hamluis, 28 June 2010 - 01:13 PM.
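A small parser for the HijackThis log format posted above, added here as an illustration; it is not part of this thread and not HijackThis code. It takes eight lines copied from the log, splits each into its section tag and body, and attaches the review reasons a log helper usually checks first (the flag rules and the helper names are my own assumptions, not HijackThis output).

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: eight lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://mercury/connectcomputer/nshelp.dll
O20 - AppInit_DLLs: APSHook.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
"""

# Every HijackThis finding is "<section> - <body>", e.g. "O23 - Service: ...".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# Windows binaries that run whatever DLL or script they are handed; a Run key
# built on one of them deserves a second look (assumed heuristic, not HJT's).
PROXY_LAUNCHERS = ("rundll32", "regsvr32", "mshta", "wscript", "cscript")


@dataclass
class HjtEntry:
    section: str                 # "O4", "O20", "O23", ...
    body: str                    # text after "O4 - "
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[HjtEntry]:
    """Turn HijackThis finding lines into entries; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(HjtEntry(m.group("section"), m.group("body")))
    return entries


def o4_launcher(body: str) -> str:
    """Executable name an O4 Run entry starts with, e.g. 'regsvr32' or 'egui.exe'.

    Quoted paths are honoured; an unquoted path containing spaces is cut at the
    first space, which is still enough to recognise a proxy launcher.
    """
    cmd = body.split("] ", 1)[-1].strip()          # drop the "[name] " prefix
    if cmd.startswith('"'):
        first = cmd[1:].split('"', 1)[0]
    else:
        first = cmd.split()[0] if cmd else ""
    return first.rsplit("\\", 1)[-1].lower()


def triage(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Attach review reasons and return only the entries that received one.

    These are reading aids for whoever analyses the log, not verdicts: every
    flagged line in the sample is explained by software installed on the laptop.
    """
    for e in entries:
        if e.section == "O20":
            # AppInit_DLLs and Winlogon Notify DLLs are loaded into many processes.
            e.flags.append("O20: DLL injected system-wide, confirm the vendor")
        elif e.section == "O23" and "- Unknown owner -" in e.body:
            e.flags.append("O23: service binary carries no publisher information")
        elif e.section == "O16":
            url = e.body.rsplit(" - ", 1)[-1]
            host = re.sub(r"^https?://", "", url).split("/")[0]
            if "." not in host:
                e.flags.append("O16: ActiveX package fetched from a bare internal hostname")
        elif e.section == "O4" and o4_launcher(e.body).startswith(PROXY_LAUNCHERS):
            e.flags.append("O4: autorun goes through a proxy launcher, check its argument")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for entry in triage(parse_hjt(SAMPLE_LOG)):
        print(entry.section, "|", entry.body)
        for flag in entry.flags:
            print("    ->", flag)
```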



#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 02 July 2010 - 11:37 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 06 July 2010 - 02:42 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.

EDIT: Topic reopened at OP's request ~ Hamluis.

Edited by hamluis, 19 July 2010 - 10:35 AM.

regards,
schrauber


#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 19 July 2010 - 10:41 AM

Please post back with the requested logfiles.
regards,
schrauber


#5 kbeng

kbeng
  • Topic Starter

  • Members
  • 9 posts

Posted 19 July 2010 - 10:55 AM

Sorry I was out of town for a while.

DDS log: is attached

GMER Log: Ran in safe mode.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-19 07:53:56
Windows 5.1.2600 Service Pack 3
Running: x8v4pk1m.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdqpow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 004C5D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 004BCEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 004C5DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 004C5E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 004C5E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 004C5D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 004C5C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 004C5D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 004C5D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 004C5D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 004C5CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 004C5CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 004C5DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 004C5C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004C34C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 004BCFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 004C5CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 004C5BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 004C5940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 004C5BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 004C5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 004C59A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 004C5DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 004C5E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 004C5C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 004C5980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 004C59E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 004C59C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 004C5B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 004C5A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 004C5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 004C5BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 004C5B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 004C5B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 004C5B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 004C5A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 004C5A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 004C5A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 004C5AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 004C5A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 004C5AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 004C5B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 004C5960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 004C5C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 004C6890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 004BF730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 004C65F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 004BFF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 004C6DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 004C6B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 004C7420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 004C5840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[308] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 004C5860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[352] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[352] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[352] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[352] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[352] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[352] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[352] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[352] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[352] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[352] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[352] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[352] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[352] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[352] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[608] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00815D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0080CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00815DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00815E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00815E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00815D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00815C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00815D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00815D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00815D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00815CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00815CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00815DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00815C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008134C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0080CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 00815CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00815BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00815940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00815BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00815C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008159A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00815DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00815E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00815C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00815980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 008159E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 008159C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00815B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00815A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00815AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00815BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00815B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00815B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00815B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00815A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00815A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00815A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00815AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00815A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00815AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00815B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00815960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00815C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 00816890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 0080F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 008165F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 0080FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 00816DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 00816B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00817420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 008178A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 00817660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00815840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 00815860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 008158C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 008158E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 00815920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[720] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 00815900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[984] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1004] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] shell32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] shell32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] shell32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter 8030
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help 8031

---- EOF - GMER 1.0.15 ----





Attached Files
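The "User code sections" block of the GMER log above is the part a responder actually reads: every hooked API in every listed process is redirected into C:\WINDOWS\system32\guard32.dll, which GMER labels as COMODO Internet Security, the HIPS the poster installed. That pattern is what a behaviour blocker looks like, not by itself a rootkit. The script below is an added example (not part of this thread or of GMER) that parses those lines, groups hooks by owning module and flags any hook whose owner is not on an analyst-maintained allowlist or that GMER printed without a vendor description. The allowlist, that heuristic, and the fourth sample line (a constructed "unexplained hook" with a made-up module name) are assumptions of the example; the first three sample lines are copied from the posted log.

```python
"""Triage of GMER user-mode hook lines (added example, not from the thread).

Parses '.text <process>[<pid>] <module>!<api> <addr> <n> Bytes JMP <target>
<hook owner> (<vendor>)' lines, groups hooks by the DLL that owns them, and
flags hooks whose owner is not on an allowlist the analyst maintains or that
GMER printed without a vendor description. The allowlist and that heuristic
are this example's assumptions, not GMER's own logic.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes?\s+"
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)\s+"
    r"(?P<hookdll>.+?)(?:\s+\((?P<desc>[^()]*)\))?\s*$"
)

# Assumed allowlist: hook owners already verified on this host, mapped to the
# vendor string GMER is expected to print for them.
TRUSTED_HOOK_OWNERS = {"guard32.dll": "COMODO"}

SAMPLE_LINES = [
    # Three lines copied from the posted GMER log:
    r".text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)",
    r".text C:\WINDOWS\Explorer.EXE[1004] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)",
    r".text C:\Documents and Settings\mike\Desktop\Mike2\x8v4pk1m.exe[1588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)",
    # Constructed line (NOT in the log): what an unexplained hook looks like,
    # with no vendor description and an owner that is not allowlisted.
    r".text C:\WINDOWS\Explorer.EXE[1004] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A71230 C:\WINDOWS\system32\example_unknown.dll",
]


def parse_hook(line):
    """Return the fields of one GMER user-mode hook line, or None."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["pid"] = int(d["pid"])
    d["nbytes"] = int(d["nbytes"])
    # Owner = file name of the module the JMP lands in, case-folded.
    d["owner"] = d["hookdll"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return d


def is_trusted(hook, trusted=TRUSTED_HOOK_OWNERS):
    """Trusted only if the owner is allowlisted AND the vendor string GMER
    printed contains what the allowlist expects for that owner."""
    vendor = trusted.get(hook["owner"])
    return vendor is not None and vendor.lower() in (hook["desc"] or "").lower()


def triage(lines, trusted=TRUSTED_HOOK_OWNERS):
    """Group hooks by owner; return (summary, suspicious hooks, unparsed lines)."""
    by_owner = defaultdict(lambda: {"pids": set(), "apis": set(), "count": 0})
    suspicious, unparsed = [], []
    for line in lines:
        if not line.strip().startswith(".text"):
            continue  # not a user-mode hook line
        h = parse_hook(line)
        if h is None:
            unparsed.append(line)  # e.g. inline byte dumps; review by hand
            continue
        e = by_owner[h["owner"]]
        e["pids"].add(h["pid"])
        e["apis"].add(f'{h["mod"]}!{h["func"]}')
        e["count"] += 1
        if not is_trusted(h, trusted):
            suspicious.append(h)
    summary = {o: {"hooks": e["count"], "processes": len(e["pids"]), "apis": len(e["apis"])}
               for o, e in by_owner.items()}
    return summary, suspicious, unparsed


def report(lines, trusted=TRUSTED_HOOK_OWNERS):
    """Human-readable triage: one line per owner, one REVIEW line per flagged hook."""
    summary, suspicious, unparsed = triage(lines, trusted)
    out = [f"{o}: {s['hooks']} hooks across {s['processes']} process(es), {s['apis']} distinct APIs"
           for o, s in sorted(summary.items())]
    for h in suspicious:
        out.append(f"REVIEW: {h['mod']}!{h['func']} in {h['proc']} [{h['pid']}] -> "
                   f"{h['hookdll']} (desc: {h['desc'] or 'none'})")
    if unparsed:
        out.append(f"{len(unparsed)} .text line(s) not parsed; inspect by hand")
    return "\n".join(out)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            lines = f.readlines()
    else:
        lines = SAMPLE_LINES
    print(report(lines))
```

Run it against a saved GMER log (`python gmer_hooks.py gmer.txt`) and read the REVIEW lines first; a hook owner that is not a known security product, or that carries no vendor description, is where to spend time. Allowlisting by file name alone is deliberately not enough here, which is why the vendor string has to match as well.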



#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:34 AM

Posted 20 July 2010 - 12:32 PM

Hello, kbeng
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Download MBRCheck.exe to your desktop
XP users > double click on MBRCheck.exe to run it
Vista and Windows 7 users > right click on MBRCheck.exe and select Run as Administrator
It will show a black screen with some data on it
Click on the black C:\ in the upper left hand corner of the black screen
Choose Edit > Select All > Press Enter to copy the data to your clip board
Press Enter again to close MBRCheck
Now open up notepad or wordpad and paste the data in (press Control+V)

Post the results in your reply






Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#7 kbeng

kbeng
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 20 July 2010 - 01:53 PM

Here is the MBR log run under the local admin account:
MBRCheck, version 1.1.1
© 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

And here is the same MBR scan run under my Network Admin account:
MBRCheck, version 1.1.1
© 2010, AD

\\.\C: --> error 5
\\.\D: --> error 5


Done! Press ENTER to exit...


I'm not sure why they are different.


COMBOFIX
I disabled Eset Smart security 4 and Comodo as specified in the above link.
When I downloaded it and saved it as "schrauber.exe" to my desktop, then ran it, the status bar goes all the way to the end, then it brings back some error that I do not have access to or the files are missing.
Here are the files:

32788r22fwjfw\iexplorer.exe
32788r22fwjfw\hidec.exe
32788r22fwjfw\n.pif

then it asks me to open this file with an unknown file type
nircmd.cfxxe

What can I do next or about this?
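The two MBRCheck results in the post above are worth separating. "Unknown MBR code" means the boot-code bytes in sector 0 did not match any boot loader the tool recognises; it says nothing about the partition table, which a modified MBR normally leaves intact so the machine still boots. "error 5" is the Win32 code ERROR_ACCESS_DENIED: that account could not open the raw drive at all, so the second run tells you nothing about the MBR itself. The script below is an added example, not part of this thread and not MBRCheck's own code: it validates the structure of a 512-byte MBR and hashes the boot-code region so it can be compared with a copy taken from a verified-clean machine. The KNOWN_BOOTCODE table (left empty), the constructed sample sector, and the function names are this example's assumptions.

```python
r"""MBR sector inspection (added example; not from the thread or MBRCheck).

Validates the structure of a 512-byte master boot record and hashes its
boot-code region so it can be compared with a copy from a verified-clean
machine. Run on Windows as an administrator it reads sector 0 of
\\.\PhysicalDrive0; from an account without that right the open fails with
Win32 error 5 (ERROR_ACCESS_DENIED). KNOWN_BOOTCODE and the sample sector
are this example's assumptions.
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOTCODE_LEN = 446      # bytes 0..445 hold the boot loader code
PTABLE_OFF = 446        # four 16-byte partition entries follow
SIGNATURE_OFF = 510     # 0x55 0xAA terminates the sector
ACTIVE_FLAG = 0x80

# Assumed: SHA-256 of boot code captured from a known-clean machine of the
# same Windows version. Empty here; populate it from your own golden image.
KNOWN_BOOTCODE = {}


def parse_partitions(sector):
    """Decode the four partition entries; empty slots are skipped."""
    parts = []
    for i in range(4):
        # status, CHS start (3 bytes skipped), type, CHS end (skipped), LBA, size
        flag, ptype, lba, size = struct.unpack_from("<B3xB3xII", sector, PTABLE_OFF + 16 * i)
        if ptype == 0 and lba == 0 and size == 0:
            continue
        parts.append({"index": i, "flag": flag, "active": flag == ACTIVE_FLAG,
                      "type": ptype, "start_lba": lba, "sectors": size})
    return parts


def inspect_mbr(sector, known=KNOWN_BOOTCODE):
    """Structural checks plus a boot-code hash lookup against `known`."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(sector)
    if sum(p["active"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    for p in parts:
        if p["flag"] not in (0x00, ACTIVE_FLAG):
            findings.append(f"entry {p['index']}: invalid status byte 0x{p['flag']:02x}")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"]) for p in parts)
    if any(b[0] < a[1] for a, b in zip(spans, spans[1:])):
        findings.append("overlapping partition entries")
    digest = hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest()
    return {"bootcode_sha256": digest,
            "bootcode_label": known.get(digest, "unknown"),
            "partitions": parts,
            "findings": findings,
            "structurally_valid": not findings}


def read_mbr_from_drive(drive=0):
    r"""Read sector 0 of \\.\PhysicalDriveN (Windows, administrator only)."""
    path = rf"\\.\PhysicalDrive{drive}"
    try:
        with open(path, "rb", buffering=0) as f:
            return f.read(SECTOR)
    except PermissionError as e:
        # Win32 ERROR_ACCESS_DENIED is 5: the 'error 5' a restricted account
        # gets when it opens the raw device.
        code = getattr(e, "winerror", None) or 5
        raise PermissionError(f"{path}: access denied (Win32 error {code})") from e


def build_sample_sector():
    """Constructed MBR for offline use: NOP filler as boot code, one active
    NTFS (type 0x07) partition at LBA 63, valid signature."""
    sec = bytearray(SECTOR)
    sec[:BOOTCODE_LEN] = b"\x90" * BOOTCODE_LEN
    struct.pack_into("<B3xB3xII", sec, PTABLE_OFF, ACTIVE_FLAG, 0x07, 63, 486_000_000)
    sec[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xaa"
    return bytes(sec)


if __name__ == "__main__":
    sector = read_mbr_from_drive(0) if sys.platform == "win32" else build_sample_sector()
    result = inspect_mbr(sector)
    print(f"boot code sha256: {result['bootcode_sha256']} ({result['bootcode_label']})")
    for p in result["partitions"]:
        print(f"  entry {p['index']}: type 0x{p['type']:02x} start {p['start_lba']} "
              f"sectors {p['sectors']} {'ACTIVE' if p['active'] else ''}")
    print("findings:", result["findings"] or "none")
```

The design point is in the last check: a sector whose boot code has been replaced but whose partition table and signature are untouched passes every structural test and is reported only by the hash lookup, so the hash of a clean machine's MBR is the reference that matters, and it has to be captured before the machine is in doubt.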


#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:34 AM

Posted 21 July 2010 - 12:57 PM

Hi,

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#9 kbeng

kbeng
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 21 July 2010 - 03:01 PM

Is there another mirror for the OTL? From every computer I try I am getting a 403 Forbidden error.

#10 kbeng

kbeng
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 22 July 2010 - 10:16 AM

The link is working today. I will post the logs soon


#11 kbeng

kbeng
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 22 July 2010 - 05:05 PM

OTL logfile created on: 7/22/2010 2:06:25 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 231.87 Gb Total Space | 192.79 Gb Free Space | 83.14% Space Free | Partition Type: NTFS
Drive D: | 1.00 Gb Total Space | 0.97 Gb Free Space | 97.13% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 1.86 Gb Total Space | 0.66 Gb Free Space | 35.48% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 628.09 Gb Total Space | 6.64 Gb Free Space | 1.06% Space Free | Partition Type: NTFS
Drive N: | 130.00 Gb Total Space | 0.32 Gb Free Space | 0.25% Space Free | Partition Type: NTFS
Drive P: | 80.00 Gb Total Space | 5.75 Gb Free Space | 7.18% Space Free | Partition Type: NTFS
Drive Y: | 60.00 Gb Total Space | 40.26 Gb Free Space | 67.09% Space Free | Partition Type: NTFS
Drive Z: | 628.09 Gb Total Space | 6.64 Gb Free Space | 1.06% Space Free | Partition Type: NTFS

Computer Name: NB7
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/22 08:15:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTL.exe
PRC - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/06/01 19:00:40 | 002,039,240 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/09/11 08:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/09/11 08:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/07/13 07:02:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/05/20 17:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008/05/14 13:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008/05/13 17:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008/05/09 16:09:08 | 001,168,632 | ---- | M] (AuthenTec, Inc.) -- c:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/05/07 17:34:04 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2008/04/18 06:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/18 06:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/11 14:16:34 | 000,077,672 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2008/04/04 08:09:56 | 001,044,480 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/12/11 12:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/05/15 16:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 16:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/15 16:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2005/11/24 15:38:08 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (SafeList) ==========

MOD - [2010/07/22 08:15:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTL.exe
MOD - [2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2008/05/20 17:42:48 | 000,080,656 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll
MOD - [2008/05/20 17:42:30 | 000,081,680 | ---- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll
MOD - [2008/04/13 17:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/09/11 08:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 08:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/07/14 11:54:53 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/07/13 07:02:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/20 17:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/05/20 17:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008/05/14 13:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/05/13 17:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/05/09 16:09:08 | 001,168,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- c:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/04/18 06:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/29 17:41:48 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2007/12/11 12:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/05/15 16:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - [2010/06/04 11:55:58 | 000,229,312 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/06/01 19:00:24 | 000,087,824 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/06/01 19:00:22 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/10/26 06:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/09/11 08:26:24 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/09/11 08:26:20 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/09/11 08:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 08:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/06/19 10:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2008/05/21 05:48:46 | 006,018,464 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/05/13 17:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/05/13 17:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/05/13 17:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/05/13 17:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/05/13 08:30:34 | 000,475,520 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/05/08 07:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/15 10:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/13 11:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/11 09:19:42 | 000,338,944 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/03/31 09:04:30 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/03/31 09:04:30 | 000,017,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/28 03:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/03/27 11:14:06 | 000,224,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/02/29 16:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/29 17:41:42 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2007/11/29 11:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink ™
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/04 12:16:20 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 08:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/02 19:43:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/02 19:43:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/20 09:17:41 | 000,000,000 | ---D | M]

[2009/07/15 16:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Mozilla\Extensions
[2010/06/24 07:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\3nndn03c.default\extensions
[2010/06/24 07:55:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\3nndn03c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/24 07:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\3nndn03c.default\extensions\staged-xpis
[2009/07/10 11:20:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 01:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\mike\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\mike\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://mercury/connectcomputer/nshelp.dll (NSHelp Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1247087844414 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1247253267980 (MUWebControl Class)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.200 192.168.2.37 192.168.2.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KBeng.local
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (c:\Program Files\Hewlett-Packard\IAM\bin\ocgina.dll) - c:\Program Files\Hewlett-Packard\IAM\Bin\OCGina.dll (Bioscrypt Inc.)
O20 - Winlogon\Notify\ackpbsc: DllName - c:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\OneCard: DllName - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1997/08/09 16:44:28 | 000,001,738 | ---- | M] () - Z:\autozero.txt -- [ NTFS ]
O33 - MountPoints2\{9fa1700f-721e-11de-be32-00248160e34a}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe -- File not found
O33 - MountPoints2\{9fa1700f-721e-11de-be32-00248160e34a}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56871500212338688)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/22 14:05:48 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTL.exe
[2010/07/20 11:42:22 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/14 08:01:29 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/09 08:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike\Desktop\desktop 3
[2010/07/08 16:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike\My Documents\A PTN
[2010/07/06 09:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike\Desktop\Mike2
[2010/06/24 08:26:53 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010/06/24 08:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2010/06/24 08:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/06/24 08:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/06/24 08:02:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/22 14:05:59 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\mike\ntuser.dat
[2010/07/22 13:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/22 09:45:01 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\HP Communications Projects Bids 7-22-10.doc
[2010/07/22 08:15:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTL.exe
[2010/07/21 18:29:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/21 17:53:22 | 000,539,836 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/21 17:53:22 | 000,455,316 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/21 17:53:22 | 000,075,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/21 17:50:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/21 17:48:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/21 17:48:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/21 17:48:29 | 2072,268,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/19 16:48:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\mike\ntuser.ini
[2010/07/16 11:09:48 | 000,091,136 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\HP Communications 7-16.xls
[2010/07/16 11:07:24 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\Weekly ReportWE7-16.xls
[2010/07/16 10:57:32 | 000,091,136 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\HP Communications 6-30.xls
[2010/07/14 07:46:19 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\Freedom Telecom Tracker.xls
[2010/07/13 15:42:08 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\HP Communications Projects Bids.doc
[2010/07/12 16:44:33 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\Bike Check list.xls
[2010/07/12 14:32:15 | 000,359,243 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\VZW LANCASTER.pdf
[2010/07/12 11:34:15 | 000,009,849 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\Book3.xlsx
[2010/07/12 09:38:46 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\Freedom Tracker Don 7-12.xls
[2010/07/12 09:36:03 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\Freedom Verizon Don 7-12.xls
[2010/07/09 22:48:24 | 000,103,808 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\Photo-0068.jpg
[2010/07/09 22:43:34 | 000,027,478 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\river.jpg
[2010/07/09 22:21:44 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\EXPENSE REPORT7-10-10A.xls
[2010/07/08 07:46:49 | 000,003,656 | -HS- | M] () -- C:\Documents and Settings\mike\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
[2010/07/07 08:43:28 | 000,012,314 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\CITY OF TORRANCE.docx
[2010/07/06 13:44:55 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\HP AboveNet 6-18.xls
[2010/07/01 20:10:28 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/07/01 00:21:09 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/30 08:08:47 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\Copy of Plant Extension M-R Tracker6-30.xls
[2010/06/28 08:24:59 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\EXPENSE REPORT6-26-10A.xls
[2010/06/24 19:56:47 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\EXPENSE REPORT6-26-10.xls
[2010/06/24 19:52:09 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\Weekly ReportWE6-26.xls
[2010/06/24 16:36:36 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\Freedom Comm Lancaster Ring Trey.xls
[2010/06/24 09:32:20 | 000,001,720 | -H-- | M] () -- C:\Documents and Settings\mike\My Documents\Default.rdp
[2010/06/23 16:38:10 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\HP FREEDOM TRACKER Coach 6-23.xls
[2010/06/23 11:20:33 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\HP FREEDOM TRACKER CHRIS PRICE 6-23.xls
[2010/06/23 09:23:16 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\Freedom Pasadena Submittal Status.xls
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/22 09:43:39 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\HP Communications Projects Bids 7-22-10.doc
[2010/07/20 11:31:31 | 2072,268,800 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/16 11:06:17 | 000,086,528 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\Weekly ReportWE7-16.xls
[2010/07/16 10:57:47 | 000,091,136 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\HP Communications 7-16.xls
[2010/07/16 08:25:07 | 000,359,243 | ---- | C] () -- C:\Documents and Settings\mike\Desktop\VZW LANCASTER.pdf
[2010/07/16 08:24:57 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\mike\Desktop\Freedom Telecom Tracker.xls
[2010/07/13 15:41:52 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\HP Communications Projects Bids.doc
[2010/07/12 16:44:33 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\Bike Check list.xls
[2010/07/12 11:34:15 | 000,009,849 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\Book3.xlsx
[2010/07/12 09:38:46 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\Freedom Tracker Don 7-12.xls
[2010/07/12 09:35:13 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\Freedom Verizon Don 7-12.xls
[2010/07/09 22:48:24 | 000,103,808 | ---- | C] () -- C:\Documents and Settings\mike\Desktop\Photo-0068.jpg
[2010/07/09 22:43:34 | 000,027,478 | ---- | C] () -- C:\Documents and Settings\mike\Desktop\river.jpg
[2010/07/09 22:21:43 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\EXPENSE REPORT7-10-10A.xls
[2010/07/08 07:46:49 | 000,003,656 | -HS- | C] () -- C:\Documents and Settings\mike\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
[2010/07/07 08:43:28 | 000,012,314 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\CITY OF TORRANCE.docx
[2010/07/06 13:54:55 | 000,091,136 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\HP Communications 6-30.xls
[2010/06/30 08:07:30 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\Copy of Plant Extension M-R Tracker6-30.xls
[2010/06/28 08:24:58 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\EXPENSE REPORT6-26-10A.xls
[2010/06/24 19:49:54 | 000,086,528 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\Weekly ReportWE6-26.xls
[2010/06/24 19:43:23 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\EXPENSE REPORT6-26-10.xls
[2010/06/24 16:01:22 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\Freedom Comm Lancaster Ring Trey.xls
[2010/06/23 16:19:52 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\HP FREEDOM TRACKER Coach 6-23.xls
[2010/06/23 11:03:04 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\HP FREEDOM TRACKER CHRIS PRICE 6-23.xls
[2010/06/23 09:23:16 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\Freedom Pasadena Submittal Status.xls
[2009/07/25 11:40:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/24 08:27:16 | 000,000,025 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/07/08 05:11:23 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/07/08 04:53:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2008/05/13 17:36:18 | 000,108,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
[2005/04/03 15:30:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\scardsyn.dll
[2004/08/07 06:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[1998/05/06 20:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 01:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/07/10 12:29:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/07/10 12:29:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 01:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/07/10 12:29:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/07/10 12:29:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/04/15 10:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/04/15 10:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\SwSetup\INTELMSM\Winall\Driver64\IaStor.sys
[2008/04/15 10:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/04/15 10:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\SwSetup\HDD\IaStor.sys
[2008/04/15 10:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\SwSetup\INTELMSM\Winall\Driver\IaStor.sys
[2008/04/15 10:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008/04/15 10:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\DRVSTORE\iaAHCI_E7EB69FF3449D216602D0D37A1D73969621673A9\iaStor.sys
[2008/04/15 10:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/05/13 17:36:18 | 000,108,752 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SafeBoot.sys

< %systemroot%\System32\config\*.sav >
[2004/08/06 22:52:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/06 22:52:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/06 22:52:06 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemdrive%\*.sys /90 /md5 >
[2010/07/21 17:48:29 | 2072,268,800 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/07/21 17:48:23 | 2145,386,496 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys
< End of report >
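The `< MD5 for: ... >` blocks in the log above are OTL's integrity check: every copy of a critical system file (ServicePackFiles, system32, $NtServicePackUninstall$) is listed with its size, timestamp and MD5 so a reader can see whether the live copy still matches its backups. Doing that by eye across several blocks is error-prone, so here is an added example (written for this page, not part of the original post or of OTL) that parses this log format and reports two things a responder looks for: copies that share a size and timestamp but carry different MD5s, and copies for which OTL could not read a hash (locked file). The sample input is constructed from lines on this page plus one deliberately altered hash and an invented `SAFEBOOT.SYS` block header; the all-zero MD5 is a placeholder, not a real value.

```python
"""Consistency checks over OTL '< MD5 for: ... >' blocks (added example)."""
import re
from collections import defaultdict, namedtuple

Entry = namedtuple("Entry", "mtime size company md5 path")

HEADER_RE = re.compile(r"^< MD5 for: (.+?) >$")
# One OTL file line: [mtime | size | attrs | M] (company) MD5=... -- path
# Alternatives after the company field: a hash, "Unable to obtain MD5",
# or ".cab file" for a container entry that carries no hash of its own.
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| [-A-Z]{4} \| M\] \((?P<company>.*?)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|(?P<locked>Unable to obtain MD5)|\.cab file) "
    r"-- (?P<path>.+)$"
)

# CONSTRUCTED sample: real lines from the log above, except that the
# system32\drivers\atapi.sys hash was replaced with an all-zero placeholder
# and the SAFEBOOT.SYS block header was added for illustration.
SAMPLE_LOG = r"""
< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: SAFEBOOT.SYS >
[2008/05/13 17:36:18 | 000,108,752 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SafeBoot.sys
"""


def parse_md5_blocks(text):
    """Return {file name (lower case): [Entry, ...]} for every MD5 block."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        m = ENTRY_RE.match(line)
        if not (m and current):
            continue
        md5 = "LOCKED" if m.group("locked") else m.group("md5")
        if md5 is None:  # .cab container line: nothing to compare
            continue
        blocks[current].append(Entry(m.group("mtime"), m.group("size"),
                                     m.group("company"), md5.upper(),
                                     m.group("path")))
    return dict(blocks)


def find_anomalies(blocks):
    """Return human-readable findings; an empty list means all blocks agree."""
    findings = []
    for name, entries in sorted(blocks.items()):
        for e in entries:
            if e.md5 == "LOCKED":
                findings.append(f"{name}: MD5 could not be read for {e.path} "
                                f"(locked file; confirm which product owns it)")
        # Copies with the same timestamp and size should be byte-identical.
        by_version = defaultdict(set)
        for e in entries:
            if e.md5 != "LOCKED":
                by_version[(e.mtime, e.size)].add(e.md5)
        for (mtime, size), hashes in by_version.items():
            if len(hashes) > 1:
                findings.append(f"{name}: copies dated {mtime} size {size} have "
                                f"{len(hashes)} different MD5s: {', '.join(sorted(hashes))}")
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(parse_md5_blocks(SAMPLE_LOG)):
        print(finding)
```

Run against a real OTL log, the script reports nothing for a block like EVENTLOG.DLL above (both SP3 copies hash identically, and the older uninstall copy is a different version, so it is not compared with them). A mismatch within one version, or a hash that cannot be read, is a lead to follow up, not a verdict: disk-encryption drivers legitimately lock their files, so the owning product must be identified before anything is treated as malicious.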


#12 schrauber
    Mr.Mechanic
  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 24 July 2010 - 12:14 PM

Hi,


  • Download MBRCheck.exe to your desktop
  • XP users > double click on MBRCheck.exe to run it
  • Vista and Windows 7 users > right click on MBRCheck.exe and select Run as Administrator
  • It will show a black screen with some data on it
  • Click on the black C:\ in the upper left hand corner of the black screen
  • Choose Edit > Select All > Press Enter to copy the data to your clipboard
  • Press Enter again to close MBRCheck
  • Now open up Notepad or WordPad and paste the data in (press Control+V)

Post the results in your reply
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Please post back with a fresh OTL logfile.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#13 schrauber
    Mr.Mechanic
  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 26 July 2010 - 12:18 PM

Still with me?
regards,
schrauber

#14 kbeng
  • Topic Starter
  • Members
  • 9 posts

Posted 26 July 2010 - 12:58 PM

Yes, I am. I didn't work this weekend. So I'm starting fresh with Monday. I will post the logs soon.

#15 schrauber
    Mr.Mechanic
  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 27 July 2010 - 10:55 PM

Ok :)
regards,
schrauber