
Windows Random Issues


  • This topic is locked
7 replies to this topic

#1 digorax


Posted 11 May 2011 - 02:01 PM

My desktop "bluescreened" with an error message I didn't catch. I restarted and after some exploring received the following message:

Process: C:\ProgramFiles\Internet Explorer\iexplore.exe
Process id: 0X25C
Thread id: 0X258
Attack type: buffer overflow
Address: 0X02393B05
Memory type: heap

I've since run a virus scan w/ COMODO (nothing found), then did a system restore for last week. My CPU usage is at 100% and the desktop is running slowly (although nothing else is active). I tried using it to log onto this site, and a tab opened some pornographic site. So, I disconnected it from the internet and powered it down and am working through my netbook until resolved.

Any assistance to determine the threat on my pc would be very helpful!
(Second time at this site, so I have some of the scanning/eval-'ware' on my pc)

~md



#2 cryptodan


Posted 11 May 2011 - 02:06 PM

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



#3 digorax


Posted 11 May 2011 - 08:14 PM

Malwarebytes' Anti-Malware 1.29
Database version: 1298
Windows 5.1.2600 Service Pack 3

5/11/2011 9:07:20 PM
mbam-log-2011-05-11 (21-07-19).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 131798
Time elapsed: 46 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*************************************************************************************************
SUPERAntiSpyware & GMER weren't done yet because I can't get online to download those programs... I'm trying the portable versions now.

~md

#4 cryptodan


Posted 11 May 2011 - 09:15 PM

Please update Malwarebytes and run the scans again.

#5 digorax


Posted 12 May 2011 - 12:16 AM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

5/12/2011 1:11:02 AM
mbam-log-2011-05-12 (01-11-02).txt

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 229315
Time elapsed: 1 hour(s), 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\s3efad32.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
************************************************************************************************

The portable SAS didn't register any log for the scan. 1st time it was performed, it found 631 File threats. No log produced. Performed second time, it found 1 File threat. No log produced.

Will post GMER scan in the morning

#6 digorax


Posted 12 May 2011 - 12:45 AM

***Post 1/3***

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-12 01:38:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 WDC_WD800JD-75MSA3 rev.10.01E04
Running: 1y9jkl1w.exe; Driver: C:\DOCUME~1\MATDIM~1\LOCALS~1\Temp\awtdapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA74F47B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xA74F3D16]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xA74F4372]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xA74F4F80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xA74F3A70]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xA74F5C70]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA74F499C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xA74F3646]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xA74F4BEA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xA74F4D9A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xA74F34F8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xA74F58F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xA74F3F5C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xA74F45AA]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xF7CC88AC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xA74F41EC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xA74F33A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xA74F5346]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xA74F3B8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xA74F56AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xA74F5AA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xA74F5146]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xA74F3EF6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xA74F40E0]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xF7CC8812]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xA74F3808]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CE0 8050457C 4 Bytes JMP 8AA74F4B
? neqqnn.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF6688F80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe[212] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe[212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe[212] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe[212] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe[212] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe[212] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe[212] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe[212] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe[212] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe[212] OLE32.DLL!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe[212] OLE32.DLL!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[568] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[568] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[568] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[568] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[568] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[568] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[568] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[568] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[568] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\alg.exe[568] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[568] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[600] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[600] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[600] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[600] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[600] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[600] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[600] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[600] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[600] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[600] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[600] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\winlogon.exe[712] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[760] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[760] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[760] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[760] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[760] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[760] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[760] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[760] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\services.exe[760] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[760] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[772] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[772] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[772] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[772] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[772] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[772] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[772] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[772] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\lsass.exe[772] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[772] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[948] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1020] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1020] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1020] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1020] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1020] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1020] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1020] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1020] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1020] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B8000A
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B9000A
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 007E000A
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 007F000A
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 0080000A
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1064] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1064] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1064] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1064] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\svchost.exe[1064] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1064] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00F6000A
.text C:\WINDOWS\System32\svchost.exe[1064] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1112] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1112] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1112] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1112] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1112] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1112] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1188] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1188] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1188] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1188] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1188] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1188] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1188] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1188] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1188] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1188] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1200] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1200] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1200] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1200] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1200] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1200] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1256] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1424] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1424] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1424] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1424] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1424] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\spoolsv.exe[1424] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1424] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1424] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1424] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1424] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1508] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

***Post 2/3***

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1548] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1548] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1548] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1548] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1548] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1548] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1548] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1548] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1548] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1548] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1564] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003A5690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1564] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003A55C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1564] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003A1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1564] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003A1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1564] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 003A13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1564] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [48, 88]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1564] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003A5250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1564] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 003A16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1564] USER32.dll!keybd_event 7E466783 5 Bytes JMP 003A1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1564] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 003A4F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1564] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 003A50E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe[1588] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003B5690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe[1588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B55C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe[1588] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003B5250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe[1588] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 003B16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe[1588] USER32.dll!keybd_event 7E466783 5 Bytes JMP 003B1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe[1588] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003B1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe[1588] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003B1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe[1588] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 003B13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe[1588] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [49, 88]
.text C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe[1588] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 003B4F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe[1588] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 003B50E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1648] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1648] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1692] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1692] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1692] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1692] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1764] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1764] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1764] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1764] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1764] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1764] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1764] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1764] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1764] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1764] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1872] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1872] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1872] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1872] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1872] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1872] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1872] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1872] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1872] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1872] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1872] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1908] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1908] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1908] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1908] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1908] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1908] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1908] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1908] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\svchost.exe[1908] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1908] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1936] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1936] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1936] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1936] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1936] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1936] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1936] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1936] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1936] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\svchost.exe[1936] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1936] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1984] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1984] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1984] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1984] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1984] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1984] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1984] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1984] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1984] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1984] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2036] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2036] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2036] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2036] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2036] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2036] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2036] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2036] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2036] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2036] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2256] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E8000A
.text C:\WINDOWS\Explorer.EXE[2256] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E9000A
.text C:\WINDOWS\Explorer.EXE[2256] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E7000C
.text C:\WINDOWS\Explorer.EXE[2256] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2256] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2256] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2256] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\Explorer.EXE[2256] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2256] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2256] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2256] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2256] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2416] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2416] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2416] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2416] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2416] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2416] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2416] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

***Post 3/3***

---- Kernel IAT/EAT - GMER 1.0.15 ----

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BB2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CC2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CC2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CC2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CC2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT E:\Clean PC\1y9jkl1w.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BF2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT E:\Clean PC\1y9jkl1w.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BF2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT E:\Clean PC\1y9jkl1w.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BF2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT E:\Clean PC\1y9jkl1w.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BF2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Md\My Documents\Downloads, Installers\KABE3E.exe[3620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Md\My Documents\Downloads, Installers\KABE3E.exe[3620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Md\My Documents\Downloads, Installers\KABE3E.exe[3620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Md\My Documents\Downloads, Installers\KABE3E.exe[3620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86D5F31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 86D5F31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 86D5F31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 86D5F31B

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

#7 cryptodan

Posted 12 May 2011 - 05:54 AM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#8 Budapest

Posted 12 May 2011 - 05:52 PM

Malware topic here: http://www.bleepingcomputer.com/forums/topic396963.html

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MR Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.