Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible chronic trojan infection


  • This topic is locked This topic is locked
4 replies to this topic

#1 gravitron5

gravitron5

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 23 September 2010 - 08:45 AM

Hello,

About a month ago, I bought a new laptop. Prior to transferring my personal files from my removable hard drive to my new machine, I decided to the drive for viruses. Since I'm paranoid, I used four programs: Microsoft Security Essentials, MBAM, Dr. Web Cureit, & ESET's online scanner, performing the scans between 8/18/10 & 8/19/10. MSE found a worm called Win32/Orbina!rts in this file:

E:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1018\A0047178.exe

...and quarantined it. MBAM, Cureit, & Eset also found other viruses, and quarantined or removed them. Scans following removal showed no threats, so I copied my files onto the new machine.

On 9/4/10, my computer somehow got infected again. General symptoms included an inability to connect to the Internet (even though my WiFi status was "Connected"), nor could I save files to the hard drive (kept saying the drive was full, even though I have ~200 GB free space). I disconnected from the Internet & ran a scan w/ MBAM, which found the following:

--------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4451

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/3/2010 10:12:01 PM
mbam-log-2010-09-03 (22-12-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 173302
Time elapsed: 38 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\persistence (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\waveGina.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\igfxtray.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.

--------------------------------------

DrWeb Cureit also detected & removed a couple of other infections:

GIMPS client.zip\Httpnet.dll;C:\Conqueror\Pre-USMC\Zip Disk\GIMPS client.zip;Trojan.DownLoader.origin;;
GIMPS client.zip;C:\Conqueror\Pre-USMC\Zip Disk;Archive contains infected objects;Moved.;

GIMPS client.zip\Httpnet.dll;E:\Pre-USMC\Zip Disk\GIMPS client.zip;Trojan.DownLoader.origin;;
GIMPS client.zip;E:\Pre-USMC\Zip Disk;Archive contains infected objects;Moved.;

I also performed scans with ESET online scanner & MSE, and found nothing. Re-scanned with Cureit & MBAM, and also found nothing. I though I was clear, but I couldn't be sure. After this incident, I did install full versions of MBAM & Sandboxie, and the free version of ThreatFire, and started doing all my surfing from a non-administrator account. I also replaced my Windows Firewall with Comodo's Firewall.

On 9/16/10, unbeknownst to me, MSE apparently detected & removed Win32/CVE-2010-0818.gen from this file:

C:\Documents and Settings\Vengence\Desktop\Thunder\Pics2\d3\VID'S\IED 7 Ton.ASF

I dimly recall temporary difficulties connecting to the Internet around that time, but I don't remember whether they coincided with this.

Then, around 1845 hrs EST on 9/22/10, I found myself (again) unable to connect to the Internet. Even though I'd taken no action to deactivate it, Comodo's firewall appeared to be turned off (the icon no longer appeared in my system tray), and attempts to open either Comodo or ThreatFire led to error messages saying something like "The memory could not be 'read'.". Dell ControlPoint also returned errors, saying it couldn't run. Control-Alt-Del only brought up a Sandboxie error message.

When I tried scanning with MSE, I got an "insufficient memory" error; although (for unknown reasons) I was eventually able to get an MSE scan started. Meanwhile, I scanned with MBAM, which found ~250 items (mostly Windows system files) infected with something called "Trojan.Agent". MBAM managed to clean them (though it inexplicably failed to save a log file), however, subsequent scans with MBAM, MSE, and DrWeb Cureit turned up clean.

So my question is: Do I just have really bad luck, or is there something (undetectable by MSE, MBAM, Cureit, or ESET) that's causing these recurring problems? If the above programs say I'm "clean", am I really, or might there be something else lurking on my system? The fact that Comodo's firewall seems to have spontaneously deactivated without any action on my part leads me to wonder whether something might've sabotaged it.

Any assistance would be greatly appreciated. Thanks in advance.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,727 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:51 AM

Posted 23 September 2010 - 12:26 PM

Hello,it may just not be getting it all as parts may be active.
Reboot into Safe Mode with Networking
How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Reboot to Normal mode and do a rootkit scan....

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 gravitron5

gravitron5
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 23 September 2010 - 08:19 PM

boopme,

I ran the scans you mentioned. SAS found a bunch of cookies. MBAM came back clean. FixExe.reg & RKill.exe ran fine; but when running GMER, I kept getting a blue screen of death in Normal Mode, so I had to run it in Safe Mode. I've copied the relevant logs below.

--------------------------------- RKill ---------------------------------

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as gravitron5 on 09/23/2010 at 15:30:02.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\gravitron5\Desktop\rkill.exe


Rkill completed on 09/23/2010 at 15:30:04.

--------------------------------- SUPERAntiSpyware ---------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/23/2010 at 04:13 PM

Application Version : 4.43.1000

Core Rules Database Version : 5566
Trace Rules Database Version: 3378

Scan type : Complete Scan
Total Scan Time : 00:40:40

Memory items scanned : 298
Memory threats detected : 0
Registry items scanned : 7109
Registry threats detected : 0
File items scanned : 73498
File threats detected : 74

Adware.Tracking Cookie
C:\Documents and Settings\gravitron5\Cookies\gravitron5@atdmt[1].txt
C:\Documents and Settings\gravitron5\Cookies\gravitron5@interclick[1].txt
C:\Documents and Settings\gravitron5\Cookies\gravitron5@doubleclick[1].txt
C:\Documents and Settings\gravitron5\Cookies\gravitron5@fastclick[1].txt
C:\Documents and Settings\gravitron5\Cookies\gravitron5@ad.yieldmanager[2].txt
C:\Documents and Settings\gravitron5\Cookies\gravitron5@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\gravitron5\Cookies\gravitron5@ad.wsod[2].txt
.atdmt.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.winzip.122.2o7.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.bigquestionsonline.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.bigquestionsonline.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.bigquestionsonline.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.ehg-eset.hitbox.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.hitbox.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.andomedia.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.kaspersky.122.2o7.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.xiti.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.rambler.ru [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
uk.sitestat.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
www1.addfreestats.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.tracking.percentmobile.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.w3counter.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
in.getclicky.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.scarleteen.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.scarleteen.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.scarleteen.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.dmtracker.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.themis-media.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.yadro.ru [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.microsoftsto.112.2o7.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.microsoftwga.112.2o7.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.findlaw.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.findlaw.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
library.findlaw.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.findlaw.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.findlaw.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.ehg-findlaw.hitbox.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.ehg-findlaw.hitbox.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.ehg-findlaw.hitbox.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.twctsg.122.2o7.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.123count.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.123count.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
stat.onestat.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
stat.onestat.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.ehg-findlaw.hitbox.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.ehg-findlaw.hitbox.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
www.findlaw.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
caselaw.lp.findlaw.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.e-2dj6wfmiomcpsbq.stats.esomniture.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.e-2dj6wjnyohajkaq.stats.esomniture.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.walmart.112.2o7.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.coxhsi.112.2o7.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
www.accountonline.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.accountonline.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.wachovia.112.2o7.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
www.qsstats.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
www.qsstats.com [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\gravitron5\Application Data\Mozilla\Firefox\Profiles\kevq7tyb.default\cookies.sqlite ]

--------------------------------- MalwareBytes ---------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4678

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/23/2010 5:01:27 PM
mbam-log-2010-09-23 (17-01-27).txt

Scan type: Quick scan
Objects scanned: 165010
Time elapsed: 10 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------- GMER ---------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-23 20:41:58
Windows 5.1.2600 Service Pack 3
Running: 2hr2le7y.exe; Driver: C:\DOCUME~1\GRAVIT~1\LOCALS~1\Temp\pwrdqpow.sys


---- System - GMER 1.0.15 ----

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xB9E1FA1C]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xB9E1FC10]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xB9E1FCB6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xB9E1F90C]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xB9E1FE52]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xB9E21B30]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[288] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[332] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[344] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[508] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[556] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[588] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] wininet.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[612] wininet.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1040] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] shell32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] shell32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] shell32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\gravitron5\Desktop\2hr2le7y.exe[1568] shell32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- EOF - GMER 1.0.15 ----

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,727 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:51 AM

Posted 23 September 2010 - 08:48 PM

Hello, sorry I can not see anything here. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
Incluse the GMer log you posted above.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:51 AM

Posted 24 September 2010 - 11:14 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic349267.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users