
Malware win32/


  • This topic is locked
29 replies to this topic

#1 n1ck


Posted 01 August 2012 - 06:48 AM

My computer started being a little slow. Not the browsing, but the computer.
I have Comodo and MSE. MSE showed all good.
So I ran Malwarebytes and nothing was found.
Then I tried ESET and it found these threats.

C:\Documents and Settings\nikos\Local Settings\Temp\BetterInstaller.exe a variant of Win32/Somoto.A application (unable to clea
C:\Documents and Settings\nikos\Local Settings\Temp\somoto-master.exe Win32/Somoto application (unable to clean) I
C:\Documents and Settings\nikos\Local Settings\Temp\is-HHKQQ.tmp\OCSetupHlp.dll Win32/OpenCandy application (unable to clean) 0I
C:\Documents and Settings\nikos\Τα έγγραφά μου\Ληφθέντα αρχεία\IZArcInstall.exe a variant of Win32/Somoto.A application (unable to clean) 00000000000000000000000000000000 I
${Memory}a variant of Win32/Somoto.A application

I ran Defogger and DDS.
Logs:

Defogger

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:41 on 01/08/2012 (nikos)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Pro Agent -> Removed

Checking for services/drivers...


-=E.O.F=-


dds
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by nikos at 14:42:45 on 2012-08-01
Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.1022.231 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\Program Files\Microsoft Security Client\MsMpEng.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\nikos\Επιφάνεια εργασίας\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.gr/
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342865647406
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343592797421
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94931D83-7D49-4525-B34F-0970C3313E39} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nikos\application data\mozilla\firefox\profiles\g91ugp91.default\
FF - prefs.js: browser.startup.homepage - www.google.gr
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\npMSDM.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 31704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-25 242240]
R1 MpKsl0158b39c;MpKsl0158b39c;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e98f9284-6207-4710-a4af-116cf2366972}\MpKsl0158b39c.sys [2012-8-1 29904]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-3-11 1983232]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-21 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-21 113120]
.
=============== Created Last 30 ================
.
2012-08-01 11:35:54 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e98f9284-6207-4710-a4af-116cf2366972}\MpKsl0158b39c.sys
2012-08-01 07:29:27 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e98f9284-6207-4710-a4af-116cf2366972}\mpengine.dll
2012-07-30 20:27:40 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-29 21:06:38 -------- d-----w- c:\program files\uTorrent
2012-07-27 19:29:35 -------- d-----w- c:\documents and settings\nikos\Subs
2012-07-26 18:42:44 -------- d-----w- c:\documents and settings\nikos\application data\uTorrent
2012-07-26 18:40:18 -------- d-----w- c:\documents and settings\nikos\application data\BSplayer Pro
2012-07-26 18:40:18 -------- d-----w- c:\documents and settings\nikos\application data\BSplayer
2012-07-26 18:40:09 -------- d-----w- c:\program files\Webteh
2012-07-26 18:05:04 -------- d-----w- c:\documents and settings\nikos\local settings\application data\Identities
2012-07-26 08:25:14 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2012-07-26 08:24:55 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-07-26 08:24:51 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-07-26 08:24:11 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-26 08:24:07 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-07-26 08:24:07 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-07-26 08:24:07 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-07-26 08:23:48 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-07-26 08:23:48 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-07-26 08:23:48 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-07-26 08:23:48 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-07-26 08:23:48 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-07-26 08:23:44 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-07-26 08:23:44 14014656 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2012-07-26 08:23:44 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-07-26 08:23:13 -------- d-----w- c:\program files\NVIDIA Corporation
2012-07-26 08:22:32 -------- d-----w- C:\NVIDIA
2012-07-26 08:16:34 -------- d-----w- c:\program files\Oracle
2012-07-26 08:16:27 -------- d-----w- c:\documents and settings\nikos\local settings\application data\Sun
2012-07-26 08:16:20 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-26 08:16:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-26 08:16:20 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-25 15:59:43 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-25 15:59:37 -------- d-----w- c:\documents and settings\nikos\application data\DAEMON Tools Pro
2012-07-25 15:59:32 -------- d-----w- c:\program files\DAEMON Tools Pro
2012-07-25 15:58:39 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Pro
2012-07-25 15:52:52 -------- d-----w- c:\documents and settings\nikos\application data\OpenOffice.org
2012-07-25 15:02:08 -------- d-----w- c:\program files\OpenOffice.org 3
2012-07-24 21:05:25 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA
2012-07-24 20:59:15 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2012-07-24 20:59:12 -------- d-----w- c:\program files\COMODO
2012-07-24 20:59:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-24 20:59:11 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-07-24 20:59:11 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-07-24 20:08:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-24 19:23:14 -------- d-----w- c:\documents and settings\nikos\application data\Malwarebytes
2012-07-24 19:22:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-24 19:22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-24 19:22:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-24 19:03:58 -------- d-----w- c:\windows\system32\NtmsData
2012-07-23 14:57:51 -------- d-----w- c:\program files\IZArc
2012-07-23 14:32:32 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2012-07-23 14:32:32 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2012-07-23 14:32:31 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2012-07-22 14:43:11 -------- d-----w- c:\program files\ESET
2012-07-22 14:21:48 -------- d-----w- c:\documents and settings\nikos\local settings\application data\Temp
2012-07-22 13:04:52 -------- d-----w- c:\documents and settings\nikos\local settings\application data\Adobe
2012-07-22 13:02:17 -------- d-----w- c:\windows\system32\Adobe
2012-07-21 15:09:15 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-07-21 15:06:08 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-07-21 15:06:08 222448 ----a-w- c:\windows\system32\muweb.dll
2012-07-21 15:06:08 18672 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-07-21 14:07:00 -------- d-----r- c:\program files\Skype
2012-07-21 13:11:54 53248 ------w- c:\windows\system32\wdmioctl.dll
2012-07-21 13:11:54 1285632 ------w- c:\windows\system32\SMMedia.dll
2012-07-21 13:11:53 49152 ----a-w- c:\windows\system32\DSndUp.exe
2012-07-21 13:11:53 45056 ------w- c:\windows\system32\CleanUp.exe
2012-07-21 13:11:53 -------- d-----w- c:\program files\Analog Devices
2012-07-21 13:11:42 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
2012-07-21 13:11:41 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
2012-07-21 13:11:41 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
2012-07-21 13:11:41 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2012-07-21 13:11:41 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
2012-07-21 13:11:41 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
2012-07-21 13:11:40 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2012-07-21 13:10:38 -------- d-----w- c:\documents and settings\nikos\local settings\application data\WinZip
.
==================== Find3M ====================
.
2012-07-27 17:33:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 17:33:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:55:16 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49:57 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49:57 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:35 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 12:19:46 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 12:19:46 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 12:19:44 16408 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 12:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 12:19:24 19480 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:21:59 604160 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:06:36 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-11 14:41:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:41:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14:52 2155520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14:52 2033664 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 14:44:24,10 ===============
Attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 21/7/2012 12:38:22 μμ
System Uptime: 29/7/2012 11:15:49 μμ (63 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5VD2-VM
Processor: Intel® Pentium® D CPU 3.00GHz | Socket 775 | 2999/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 153 GiB total, 140,241 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ελεγκτής διακοπών συστήματος
Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Manufacturer:
Name: Ελεγκτής διακοπών συστήματος
PNP Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB camera
Device ID: USB\VID_0C45&PID_6005\5&E7D03CF&0&1
Manufacturer:
Name: USB camera
PNP Device ID: USB\VID_0C45&PID_6005\5&E7D03CF&0&1
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&71586A9&0&2099
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&71586A9&0&2099
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
Class GUID: {5458011F-08D4-4605-93A2-F03E61BEDBA3}
Description: Enhanced Display Driver Helper Service
Device ID: ROOT\ASUSOTHERDEVICES\0000
Manufacturer: ASUSTeK
Name: Enhanced Display Driver Helper Service
PNP Device ID: ROOT\ASUSOTHERDEVICES\0000
Service: asuskbnt
.
==== System Restore Points ===================
.
RP1: 21/7/2012 12:55:12 μμ - Σημείο ελέγχου συστήματος
RP2: 21/7/2012 1:00:21 μμ - Installed WinZip 15.0
RP3: 21/7/2012 1:04:52 μμ - Εγκατεστημένο REALTEK GbE & FE Ethernet PCI NIC Driver
RP4: 21/7/2012 1:09:11 μμ - Εγκαταστάθηκε το Windows XP KB914882.
RP5: 21/7/2012 1:18:05 μμ - Installed ASUS nVIDIA Driver
RP6: 21/7/2012 1:23:16 μμ - Installed Microsoft Download Manager
RP7: 21/7/2012 1:34:19 μμ - Εγκαταστάθηκε το Windows XP Service Pack 3.
RP8: 21/7/2012 1:46:49 μμ - Installed Windows Internet Explorer 8.
RP9: 21/7/2012 1:51:19 μμ - Software Distribution Service 3.0
RP10: 21/7/2012 2:04:10 μμ - Software Distribution Service 3.0
RP11: 21/7/2012 4:11:45 μμ - Installed SoundMAX
RP12: 21/7/2012 4:11:53 μμ - Installed SoundMAX
RP13: 22/7/2012 2:21:54 πμ - Software Distribution Service 3.0
RP14: 22/7/2012 3:00:15 πμ - Software Distribution Service 3.0
RP15: 23/7/2012 3:28:19 πμ - Software Distribution Service 3.0
RP16: 24/7/2012 3:28:17 πμ - Software Distribution Service 3.0
RP17: 25/7/2012 4:14:02 πμ - Σημείο ελέγχου συστήματος
RP18: 25/7/2012 9:39:31 πμ - Software Distribution Service 3.0
RP19: 25/7/2012 9:53:19 πμ - Software Distribution Service 3.0
RP20: 25/7/2012 6:01:43 μμ - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
RP21: 25/7/2012 6:02:02 μμ - Installed OpenOffice.org 3.4
RP22: 26/7/2012 3:00:13 πμ - Software Distribution Service 3.0
RP23: 26/7/2012 9:53:06 πμ - Software Distribution Service 3.0
RP24: 26/7/2012 11:15:59 πμ - Installed Java™ 7 Update 5
RP25: 26/7/2012 11:16:31 πμ - Installed JavaFX 2.1.1
RP26: 27/7/2012 11:32:11 πμ - Σημείο ελέγχου συστήματος
RP27: 27/7/2012 11:39:35 πμ - Software Distribution Service 3.0
RP28: 28/7/2012 11:38:31 πμ - Software Distribution Service 3.0
RP29: 29/7/2012 2:19:04 πμ - Software Distribution Service 3.0
RP30: 29/7/2012 11:39:01 πμ - Software Distribution Service 3.0
RP31: 30/7/2012 12:27:59 μμ - Σημείο ελέγχου συστήματος
RP32: 30/7/2012 11:27:36 μμ - Software Distribution Service 3.0
RP33: 31/7/2012 11:27:18 μμ - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
µTorrent
Πίνακας Ελέγχου NVIDIA 301.42
Ενημέρωση ασφαλείας για Microsoft Windows (KB2564958)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB2510531)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB2544521)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB2699988)
Ενημέρωση ασφαλείας για Windows XP (KB2115168)
Ενημέρωση ασφαλείας για Windows XP (KB2229593)
Ενημέρωση ασφαλείας για Windows XP (KB2296011)
Ενημέρωση ασφαλείας για Windows XP (KB2347290)
Ενημέρωση ασφαλείας για Windows XP (KB2360937)
Ενημέρωση ασφαλείας για Windows XP (KB2387149)
Ενημέρωση ασφαλείας για Windows XP (KB2393802)
Ενημέρωση ασφαλείας για Windows XP (KB2419632)
Ενημέρωση ασφαλείας για Windows XP (KB2423089)
Ενημέρωση ασφαλείας για Windows XP (KB2440591)
Ενημέρωση ασφαλείας για Windows XP (KB2443105)
Ενημέρωση ασφαλείας για Windows XP (KB2476490)
Ενημέρωση ασφαλείας για Windows XP (KB2478960)
Ενημέρωση ασφαλείας για Windows XP (KB2478971)
Ενημέρωση ασφαλείας για Windows XP (KB2479943)
Ενημέρωση ασφαλείας για Windows XP (KB2481109)
Ενημέρωση ασφαλείας για Windows XP (KB2483185)
Ενημέρωση ασφαλείας για Windows XP (KB2485663)
Ενημέρωση ασφαλείας για Windows XP (KB2506212)
Ενημέρωση ασφαλείας για Windows XP (KB2507618)
Ενημέρωση ασφαλείας για Windows XP (KB2507938)
Ενημέρωση ασφαλείας για Windows XP (KB2508429)
Ενημέρωση ασφαλείας για Windows XP (KB2509553)
Ενημέρωση ασφαλείας για Windows XP (KB2535512)
Ενημέρωση ασφαλείας για Windows XP (KB2536276-v2)
Ενημέρωση ασφαλείας για Windows XP (KB2544893-v2)
Ενημέρωση ασφαλείας για Windows XP (KB2566454)
Ενημέρωση ασφαλείας για Windows XP (KB2570947)
Ενημέρωση ασφαλείας για Windows XP (KB2584146)
Ενημέρωση ασφαλείας για Windows XP (KB2585542)
Ενημέρωση ασφαλείας για Windows XP (KB2592799)
Ενημέρωση ασφαλείας για Windows XP (KB2598479)
Ενημέρωση ασφαλείας για Windows XP (KB2603381)
Ενημέρωση ασφαλείας για Windows XP (KB2618451)
Ενημέρωση ασφαλείας για Windows XP (KB2619339)
Ενημέρωση ασφαλείας για Windows XP (KB2620712)
Ενημέρωση ασφαλείας για Windows XP (KB2624667)
Ενημέρωση ασφαλείας για Windows XP (KB2631813)
Ενημέρωση ασφαλείας για Windows XP (KB2646524)
Ενημέρωση ασφαλείας για Windows XP (KB2653956)
Ενημέρωση ασφαλείας για Windows XP (KB2655992)
Ενημέρωση ασφαλείας για Windows XP (KB2659262)
Ενημέρωση ασφαλείας για Windows XP (KB2661637)
Ενημέρωση ασφαλείας για Windows XP (KB2676562)
Ενημέρωση ασφαλείας για Windows XP (KB2685939)
Ενημέρωση ασφαλείας για Windows XP (KB2686509)
Ενημέρωση ασφαλείας για Windows XP (KB2691442)
Ενημέρωση ασφαλείας για Windows XP (KB2695962)
Ενημέρωση ασφαλείας για Windows XP (KB2698365)
Ενημέρωση ασφαλείας για Windows XP (KB2707511)
Ενημέρωση ασφαλείας για Windows XP (KB2718523)
Ενημέρωση ασφαλείας για Windows XP (KB2719985)
Ενημέρωση ασφαλείας για Windows XP (KB923561)
Ενημέρωση ασφαλείας για Windows XP (KB923789)
Ενημέρωση ασφαλείας για Windows XP (KB946648)
Ενημέρωση ασφαλείας για Windows XP (KB950762)
Ενημέρωση ασφαλείας για Windows XP (KB950974)
Ενημέρωση ασφαλείας για Windows XP (KB951376-v2)
Ενημέρωση ασφαλείας για Windows XP (KB952004)
Ενημέρωση ασφαλείας για Windows XP (KB952954)
Ενημέρωση ασφαλείας για Windows XP (KB956572)
Ενημέρωση ασφαλείας για Windows XP (KB956744)
Ενημέρωση ασφαλείας για Windows XP (KB956802)
Ενημέρωση ασφαλείας για Windows XP (KB956844)
Ενημέρωση ασφαλείας για Windows XP (KB958644)
Ενημέρωση ασφαλείας για Windows XP (KB959426)
Ενημέρωση ασφαλείας για Windows XP (KB960803)
Ενημέρωση ασφαλείας για Windows XP (KB960859)
Ενημέρωση ασφαλείας για Windows XP (KB961501)
Ενημέρωση ασφαλείας για Windows XP (KB969059)
Ενημέρωση ασφαλείας για Windows XP (KB970430)
Ενημέρωση ασφαλείας για Windows XP (KB971657)
Ενημέρωση ασφαλείας για Windows XP (KB972270)
Ενημέρωση ασφαλείας για Windows XP (KB973507)
Ενημέρωση ασφαλείας για Windows XP (KB973869)
Ενημέρωση ασφαλείας για Windows XP (KB973904)
Ενημέρωση ασφαλείας για Windows XP (KB974112)
Ενημέρωση ασφαλείας για Windows XP (KB974318)
Ενημέρωση ασφαλείας για Windows XP (KB974392)
Ενημέρωση ασφαλείας για Windows XP (KB974571)
Ενημέρωση ασφαλείας για Windows XP (KB975025)
Ενημέρωση ασφαλείας για Windows XP (KB975467)
Ενημέρωση ασφαλείας για Windows XP (KB975560)
Ενημέρωση ασφαλείας για Windows XP (KB975713)
Ενημέρωση ασφαλείας για Windows XP (KB977816)
Ενημέρωση ασφαλείας για Windows XP (KB977914)
Ενημέρωση ασφαλείας για Windows XP (KB978338)
Ενημέρωση ασφαλείας για Windows XP (KB978542)
Ενημέρωση ασφαλείας για Windows XP (KB978706)
Ενημέρωση ασφαλείας για Windows XP (KB979309)
Ενημέρωση ασφαλείας για Windows XP (KB979482)
Ενημέρωση ασφαλείας για Windows XP (KB979687)
Ενημέρωση ασφαλείας για Windows XP (KB981322)
Ενημέρωση ασφαλείας για Windows XP (KB981997)
Ενημέρωση ασφαλείας για Windows XP (KB982132)
Ενημέρωση ασφαλείας για Windows XP (KB982665)
Ενημέρωση για Windows XP (KB2345886)
Ενημέρωση για Windows XP (KB2718704)
Ενημέρωση για Windows XP (KB898461)
Ενημέρωση για Windows XP (KB951978)
Ενημέρωση για Windows XP (KB955759)
Ενημέρωση για Windows XP (KB968389)
Ενημέρωση για Windows XP (KB971029)
Ενημέρωση για Windows XP (KB973815)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB2378111)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB952069)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB954155)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB973540)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB975558)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB978695)
Επείγουσα επιδιόρθωση για Windows XP (KB2633952)
Επείγουσα επιδιόρθωση για Windows XP (KB952287)
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
ASUS Enhanced Display Driver
ASUS nVIDIA Driver
BS.Player FREE
COMODO Internet Security
DAEMON Tools Pro
ESET Online Scanner v3
Hotfix for Windows XP (KB976002-v5)
IZArc 4.1.7
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
Malwarebytes Anti-Malware έκδοση 1.62.0.1300
Microsoft Application Error Reporting
Microsoft Download Manager
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 14.0.1 (x86 el)
Mozilla Maintenance Service
NVIDIA Πρόγραμμα οδήγησης γραφικών 301.42
NVIDIA Install Application
NVIDIA nView 136.27
OpenOffice.org 3.4
REALTEK GbE & FE Ethernet PCI NIC Driver
Skype™ 5.10
SoundMAX
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
WinZip 15.0
.
==== End Of File ===========================

Edited by n1ck, 01 August 2012 - 07:03 AM.




#2 n1ck


Posted 01 August 2012 - 07:23 AM

GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-01 15:20:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 ExcelStor_Technology_J8160S rev.P22OA70A
Running: mtml3h4k.exe; Driver: C:\DOCUME~1\nikos\LOCALS~1\Temp\pxayrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF192D824]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xF192CDD0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xF192D48A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xF192E062]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xF192FC26]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF192FFA4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xF192C7BC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xF192DA10]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xF192DC18]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xF192C5C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xF192E830]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xF192EA86]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xF192F658]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xF192D098]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xF192D666]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xF192E052]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xF192C1F0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xF192D332]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xF192C3F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xF192EC94]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xF192F0E8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xF192EEA6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xF192E5C8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xF192DE76]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xF192F944]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xF192E330]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xF192D002]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xF192D21E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xF192CBD2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xF192C9C0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CF8 805045B0 4 Bytes CALL E9633747
.text ntkrnlpa.exe!ZwCallbackReturn + 2D00 805045B8 4 Bytes [86, EA, 92, F1] {XCHG DL, CH; XCHG EDX, EAX; INT1 }
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF638B3C0, 0x9B091A, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xF19F2A80]
? C:\DOCUME~1\nikos\LOCALS~1\Temp\mbr.sys Δεν είναι δυνατή η εύρεση του καθορισμένου αρχείου από το σύστημα. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[188] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[188] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\ctfmon.exe[188] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[188] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[188] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[188] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[188] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[188] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[188] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[188] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[188] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[188] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[424] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[484] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[484] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[484] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[484] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[484] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[484] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[484] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[484] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[484] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[484] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[484] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[484] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[512] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[512] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\nvsvc32.exe[512] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[512] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[512] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[512] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[512] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[512] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[512] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[512] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[512] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[512] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\csrss.exe[660] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\csrss.exe[660] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 00CED080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [3D, 84]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 00CFBB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 00CFB860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00CF7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 00CED1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF4F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CF5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 00CF3A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 00CF4390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 00CF8BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 00CF8990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00CF9CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 00CF9BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!DefWindowProcA + 11A 7E3AC298 7 Bytes JMP 1067C453 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!SetWindowLongA + 19 7E3AC2B6 7 Bytes JMP 1067C3E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!GetWindowInfo 7E3AC49C 5 Bytes JMP 1043BACC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!GetMenuContextHelpId + 1A 7E3E5319 7 Bytes JMP 1043C0F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[732] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[732] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[732] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[732] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[732] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[744] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[744] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[744] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[744] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[984] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[984] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[984] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[984] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[984] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[984] rpcss.dll!WhichService 76874234 8 Bytes JMP ED501001
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1080] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 00533F00 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1080] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 0054D9A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1116] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1116] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1116] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1116] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1116] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1140] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1140] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1140] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1140] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1140] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1140] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1140] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1140] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1140] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1140] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1140] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1140] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1276] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1276] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1276] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1276] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1476] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1476] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1476] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1476] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1476] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1476] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1492] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1512] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1512] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1512] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1512] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1840] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1840] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\Explorer.EXE[1840] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1840] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1840] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1840] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1840] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1840] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1840] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1840] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1840] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1840] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1948] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1948] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Microsoft Security Client\msseces.exe[1948] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1948] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1948] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1948] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1948] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1948] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1948] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1948] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1948] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1948] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1956] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 0037D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1956] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [A6, 83]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1956] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 0038BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1956] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 0038B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1956] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00387DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1956] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0037D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00384F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00385AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1956] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 00383A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1956] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 00384390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1956] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 00388BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1956] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 00388990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1956] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00389CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1956] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 00389BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1964] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1964] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1964] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1964] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1964] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1964] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1964] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1964] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1964] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1964] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1964] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1964] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1980] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 0077FC60 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2004] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2004] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2004] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2004] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2004] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2004] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2004] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2004] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2004] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2004] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2004] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2004] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2024] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2024] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\RUNDLL32.EXE[2024] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2024] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2024] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2024] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2024] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2024] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2024] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2024] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2024] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2024] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2140] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2140] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2140] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2140] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2140] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2140] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2140] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2140] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2140] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2140] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2140] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2140] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2352] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2352] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\System32\alg.exe[2352] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2352] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2352] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2352] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2352] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2352] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2352] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2352] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2352] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2352] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\mtml3h4k.exe[3180] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\mtml3h4k.exe[3180] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\mtml3h4k.exe[3180] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\mtml3h4k.exe[3180] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\mtml3h4k.exe[3180] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\mtml3h4k.exe[3180] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\mtml3h4k.exe[3180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\mtml3h4k.exe[3180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\mtml3h4k.exe[3180] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\mtml3h4k.exe[3180] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\mtml3h4k.exe[3180] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\mtml3h4k.exe[3180] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\mtml3h4k.exe[3180] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\mtml3h4k.exe[3180] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 1002AE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 1002AE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 1002A430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 1002A3E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 1002ADE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 1002A6F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 1002A480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 011BB52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!LdrGetProcedureAddress 7C927CF0 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0146B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002ACC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002AA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 0146B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] GDI32.dll!SetDIBitsToDevice + 20A 77EF9E14 7 Bytes JMP 0146B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Γ\3Ν\3\xb3\3Η\3Α\3Ώ\3\xbd\3Ώ\3Β\3 \0ΐ\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0R\0A\0S 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3ΐ\3µ\3Ε\3Έ\3µ\3\x2015\3\xb1\3Β\3 \0ΐ\3\xb1\3Α\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3Ί\3\xad\3Δ\3Ώ\3 \0Η\3Α\3Ώ\3\xbd\3Ώ\3\x384\3Ή\3\xb1\3\xb3\3Α\3\xac\3Ό\3Ό\3\xb1\3Δ\3Ώ\3Β\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Γ\3Ν\3\xb3\3Η\3Α\3Ώ\3\xbd\3Ώ\3Β\3 \0ΐ\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0R\0A\0S 1?
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3ΐ\3µ\3Ε\3Έ\3µ\3\x2015\3\xb1\3Β\3 \0ΐ\3\xb1\3Α\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3Ί\3\xad\3Δ\3Ώ\3 \0Η\3Α\3Ώ\3\xbd\3Ώ\3\x384\3Ή\3\xb1\3\xb3\3Α\3\xac\3Ό\3Ό\3\xb1\3Δ\3Ώ\3Β\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?

---- EOF - GMER 1.0.15 ----
I am waiting for your instructions.

#3 HelpBot


Posted 06 August 2012 - 06:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463375 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot


Posted 11 August 2012 - 06:55 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Budapest


Posted 14 August 2012 - 03:34 PM

This topic has been re-opened at the request of the person who originally posted.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 n1ck


Posted 15 August 2012 - 04:58 AM

new dds log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by nikos at 12:48:11 on 2012-08-15
Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.1022.40 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\Program Files\Microsoft Security Client\MsMpEng.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\nikos\Επιφάνεια εργασίας\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.gr/
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342865647406
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343592797421
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94931D83-7D49-4525-B34F-0970C3313E39} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nikos\application data\mozilla\firefox\profiles\g91ugp91.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\npMSDM.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 31704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-25 242240]
R1 MpKsl97fea2c3;MpKsl97fea2c3;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3f8c2d4d-ae89-4840-aa90-1091088568d1}\MpKsl97fea2c3.sys [2012-8-14 29904]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-3-11 1983232]
R3 SNCT511;See U Camera;c:\windows\system32\drivers\snct511.sys [2012-8-3 219264]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-21 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-21 113120]
.
=============== Created Last 30 ================
.
2012-08-14 14:24:53 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3f8c2d4d-ae89-4840-aa90-1091088568d1}\MpKsl97fea2c3.sys
2012-08-14 13:40:40 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3f8c2d4d-ae89-4840-aa90-1091088568d1}\mpengine.dll
2012-08-13 13:40:10 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-03 11:02:06 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2012-08-03 11:02:06 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-08-03 11:02:01 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2012-08-03 11:02:01 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2012-08-03 11:02:00 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2012-08-03 11:02:00 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2012-08-03 10:58:34 53248 ----a-w- c:\windows\amcap.exe
2012-07-29 21:06:38 -------- d-----w- c:\program files\uTorrent
2012-07-27 19:29:35 -------- d-----w- c:\documents and settings\nikos\Subs
2012-07-26 18:42:44 -------- d-----w- c:\documents and settings\nikos\application data\uTorrent
2012-07-26 18:40:18 -------- d-----w- c:\documents and settings\nikos\application data\BSplayer Pro
2012-07-26 18:40:18 -------- d-----w- c:\documents and settings\nikos\application data\BSplayer
2012-07-26 18:40:09 -------- d-----w- c:\program files\Webteh
2012-07-26 18:05:04 -------- d-----w- c:\documents and settings\nikos\local settings\application data\Identities
2012-07-26 08:25:14 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2012-07-26 08:24:55 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-07-26 08:24:51 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-07-26 08:24:11 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-26 08:24:07 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-07-26 08:24:07 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-07-26 08:24:07 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-07-26 08:23:48 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-07-26 08:23:48 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-07-26 08:23:48 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-07-26 08:23:48 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-07-26 08:23:48 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-07-26 08:23:44 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-07-26 08:23:44 14014656 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2012-07-26 08:23:44 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-07-26 08:23:13 -------- d-----w- c:\program files\NVIDIA Corporation
2012-07-26 08:22:32 -------- d-----w- C:\NVIDIA
2012-07-26 08:16:34 -------- d-----w- c:\program files\Oracle
2012-07-26 08:16:27 -------- d-----w- c:\documents and settings\nikos\local settings\application data\Sun
2012-07-26 08:16:20 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-26 08:16:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-26 08:16:20 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-25 15:59:43 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-25 15:59:37 -------- d-----w- c:\documents and settings\nikos\application data\DAEMON Tools Pro
2012-07-25 15:59:32 -------- d-----w- c:\program files\DAEMON Tools Pro
2012-07-25 15:58:39 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Pro
2012-07-25 15:52:52 -------- d-----w- c:\documents and settings\nikos\application data\OpenOffice.org
2012-07-25 15:02:08 -------- d-----w- c:\program files\OpenOffice.org 3
2012-07-24 21:05:25 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA
2012-07-24 20:59:15 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2012-07-24 20:59:12 -------- d-----w- c:\program files\COMODO
2012-07-24 20:59:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-24 20:59:11 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-07-24 20:59:11 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-07-24 20:08:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-24 19:23:14 -------- d-----w- c:\documents and settings\nikos\application data\Malwarebytes
2012-07-24 19:22:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-24 19:22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-24 19:22:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-24 19:03:58 -------- d-----w- c:\windows\system32\NtmsData
2012-07-23 14:57:51 -------- d-----w- c:\program files\IZArc
2012-07-23 14:32:32 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2012-07-23 14:32:32 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2012-07-23 14:32:31 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2012-07-22 14:43:11 -------- d-----w- c:\program files\ESET
2012-07-22 14:21:48 -------- d-----w- c:\documents and settings\nikos\local settings\application data\Temp
2012-07-22 13:04:52 -------- d-----w- c:\documents and settings\nikos\local settings\application data\Adobe
2012-07-22 13:02:17 -------- d-----w- c:\windows\system32\Adobe
2012-07-21 15:09:15 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-07-21 15:06:08 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-07-21 15:06:08 222448 ----a-w- c:\windows\system32\muweb.dll
2012-07-21 15:06:08 18672 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-07-21 14:07:00 -------- d-----r- c:\program files\Skype
2012-07-21 13:11:54 53248 ------w- c:\windows\system32\wdmioctl.dll
2012-07-21 13:11:54 1285632 ------w- c:\windows\system32\SMMedia.dll
2012-07-21 13:11:53 49152 ----a-w- c:\windows\system32\DSndUp.exe
2012-07-21 13:11:53 45056 ------w- c:\windows\system32\CleanUp.exe
2012-07-21 13:11:53 -------- d-----w- c:\program files\Analog Devices
2012-07-21 13:11:42 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
2012-07-21 13:11:41 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
2012-07-21 13:11:41 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
2012-07-21 13:11:41 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2012-07-21 13:11:41 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
2012-07-21 13:11:41 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
2012-07-21 13:11:40 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2012-07-21 13:10:38 -------- d-----w- c:\documents and settings\nikos\local settings\application data\WinZip
.
==================== Find3M ====================
.
2012-08-02 23:33:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 23:33:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:55:16 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49:57 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49:57 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:35 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 12:19:46 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 12:19:46 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 12:19:44 16408 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 12:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 12:19:24 19480 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:21:59 604160 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 12:55:14,18 ===============
new attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 21/7/2012 12:38:22 μμ
System Uptime: 13/8/2012 4:28:49 μμ (44 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5VD2-VM
Processor: Intel® Pentium® D CPU 3.00GHz | Socket 775 | 2999/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 153 GiB total, 139,049 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ελεγκτής διακοπών συστήματος
Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Manufacturer:
Name: Ελεγκτής διακοπών συστήματος
PNP Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&71586A9&0&2099
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&71586A9&0&2099
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
Class GUID: {5458011F-08D4-4605-93A2-F03E61BEDBA3}
Description: Enhanced Display Driver Helper Service
Device ID: ROOT\ASUSOTHERDEVICES\0000
Manufacturer: ASUSTeK
Name: Enhanced Display Driver Helper Service
PNP Device ID: ROOT\ASUSOTHERDEVICES\0000
Service: asuskbnt
.
==== System Restore Points ===================
.
RP1: 21/7/2012 12:55:12 μμ - Σημείο ελέγχου συστήματος
RP2: 21/7/2012 1:00:21 μμ - Installed WinZip 15.0
RP3: 21/7/2012 1:04:52 μμ - Εγκατεστημένο REALTEK GbE & FE Ethernet PCI NIC Driver
RP4: 21/7/2012 1:09:11 μμ - Εγκαταστάθηκε το Windows XP KB914882.
RP5: 21/7/2012 1:18:05 μμ - Installed ASUS nVIDIA Driver
RP6: 21/7/2012 1:23:16 μμ - Installed Microsoft Download Manager
RP7: 21/7/2012 1:34:19 μμ - Εγκαταστάθηκε το Windows XP Service Pack 3.
RP8: 21/7/2012 1:46:49 μμ - Installed Windows Internet Explorer 8.
RP9: 21/7/2012 1:51:19 μμ - Software Distribution Service 3.0
RP10: 21/7/2012 2:04:10 μμ - Software Distribution Service 3.0
RP11: 21/7/2012 4:11:45 μμ - Installed SoundMAX
RP12: 21/7/2012 4:11:53 μμ - Installed SoundMAX
RP13: 22/7/2012 2:21:54 πμ - Software Distribution Service 3.0
RP14: 22/7/2012 3:00:15 πμ - Software Distribution Service 3.0
RP15: 23/7/2012 3:28:19 πμ - Software Distribution Service 3.0
RP16: 24/7/2012 3:28:17 πμ - Software Distribution Service 3.0
RP17: 25/7/2012 4:14:02 πμ - Σημείο ελέγχου συστήματος
RP18: 25/7/2012 9:39:31 πμ - Software Distribution Service 3.0
RP19: 25/7/2012 9:53:19 πμ - Software Distribution Service 3.0
RP20: 25/7/2012 6:01:43 μμ - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
RP21: 25/7/2012 6:02:02 μμ - Installed OpenOffice.org 3.4
RP22: 26/7/2012 3:00:13 πμ - Software Distribution Service 3.0
RP23: 26/7/2012 9:53:06 πμ - Software Distribution Service 3.0
RP24: 26/7/2012 11:15:59 πμ - Installed Java™ 7 Update 5
RP25: 26/7/2012 11:16:31 πμ - Installed JavaFX 2.1.1
RP26: 27/7/2012 11:32:11 πμ - Σημείο ελέγχου συστήματος
RP27: 27/7/2012 11:39:35 πμ - Software Distribution Service 3.0
RP28: 28/7/2012 11:38:31 πμ - Software Distribution Service 3.0
RP29: 29/7/2012 2:19:04 πμ - Software Distribution Service 3.0
RP30: 29/7/2012 11:39:01 πμ - Software Distribution Service 3.0
RP31: 30/7/2012 12:27:59 μμ - Σημείο ελέγχου συστήματος
RP32: 30/7/2012 11:27:36 μμ - Software Distribution Service 3.0
RP33: 31/7/2012 11:27:18 μμ - Software Distribution Service 3.0
RP34: 1/8/2012 11:27:41 μμ - Σημείο ελέγχου συστήματος
RP35: 1/8/2012 11:27:59 μμ - Software Distribution Service 3.0
RP36: 2/8/2012 11:27:42 μμ - Software Distribution Service 3.0
RP37: 3/8/2012 1:58:21 μμ - Installed See U Camera
RP38: 3/8/2012 2:01:28 μμ - Εγκατάσταση ανυπόγραφου προγράμματος οδήγησης
RP39: 6/8/2012 2:34:04 μμ - Σημείο ελέγχου συστήματος
RP40: 7/8/2012 12:50:16 μμ - Software Distribution Service 3.0
RP41: 13/8/2012 4:40:07 μμ - Software Distribution Service 3.0
RP42: 14/8/2012 4:40:30 μμ - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
µTorrent
Πίνακας Ελέγχου NVIDIA 301.42
Ενημέρωση ασφαλείας για Microsoft Windows (KB2564958)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB2510531)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB2544521)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB2699988)
Ενημέρωση ασφαλείας για Windows XP (KB2115168)
Ενημέρωση ασφαλείας για Windows XP (KB2229593)
Ενημέρωση ασφαλείας για Windows XP (KB2296011)
Ενημέρωση ασφαλείας για Windows XP (KB2347290)
Ενημέρωση ασφαλείας για Windows XP (KB2360937)
Ενημέρωση ασφαλείας για Windows XP (KB2387149)
Ενημέρωση ασφαλείας για Windows XP (KB2393802)
Ενημέρωση ασφαλείας για Windows XP (KB2419632)
Ενημέρωση ασφαλείας για Windows XP (KB2423089)
Ενημέρωση ασφαλείας για Windows XP (KB2440591)
Ενημέρωση ασφαλείας για Windows XP (KB2443105)
Ενημέρωση ασφαλείας για Windows XP (KB2476490)
Ενημέρωση ασφαλείας για Windows XP (KB2478960)
Ενημέρωση ασφαλείας για Windows XP (KB2478971)
Ενημέρωση ασφαλείας για Windows XP (KB2479943)
Ενημέρωση ασφαλείας για Windows XP (KB2481109)
Ενημέρωση ασφαλείας για Windows XP (KB2483185)
Ενημέρωση ασφαλείας για Windows XP (KB2485663)
Ενημέρωση ασφαλείας για Windows XP (KB2506212)
Ενημέρωση ασφαλείας για Windows XP (KB2507618)
Ενημέρωση ασφαλείας για Windows XP (KB2507938)
Ενημέρωση ασφαλείας για Windows XP (KB2508429)
Ενημέρωση ασφαλείας για Windows XP (KB2509553)
Ενημέρωση ασφαλείας για Windows XP (KB2535512)
Ενημέρωση ασφαλείας για Windows XP (KB2536276-v2)
Ενημέρωση ασφαλείας για Windows XP (KB2544893-v2)
Ενημέρωση ασφαλείας για Windows XP (KB2566454)
Ενημέρωση ασφαλείας για Windows XP (KB2570947)
Ενημέρωση ασφαλείας για Windows XP (KB2584146)
Ενημέρωση ασφαλείας για Windows XP (KB2585542)
Ενημέρωση ασφαλείας για Windows XP (KB2592799)
Ενημέρωση ασφαλείας για Windows XP (KB2598479)
Ενημέρωση ασφαλείας για Windows XP (KB2603381)
Ενημέρωση ασφαλείας για Windows XP (KB2618451)
Ενημέρωση ασφαλείας για Windows XP (KB2619339)
Ενημέρωση ασφαλείας για Windows XP (KB2620712)
Ενημέρωση ασφαλείας για Windows XP (KB2624667)
Ενημέρωση ασφαλείας για Windows XP (KB2631813)
Ενημέρωση ασφαλείας για Windows XP (KB2646524)
Ενημέρωση ασφαλείας για Windows XP (KB2653956)
Ενημέρωση ασφαλείας για Windows XP (KB2655992)
Ενημέρωση ασφαλείας για Windows XP (KB2659262)
Ενημέρωση ασφαλείας για Windows XP (KB2661637)
Ενημέρωση ασφαλείας για Windows XP (KB2676562)
Ενημέρωση ασφαλείας για Windows XP (KB2685939)
Ενημέρωση ασφαλείας για Windows XP (KB2686509)
Ενημέρωση ασφαλείας για Windows XP (KB2691442)
Ενημέρωση ασφαλείας για Windows XP (KB2695962)
Ενημέρωση ασφαλείας για Windows XP (KB2698365)
Ενημέρωση ασφαλείας για Windows XP (KB2707511)
Ενημέρωση ασφαλείας για Windows XP (KB2718523)
Ενημέρωση ασφαλείας για Windows XP (KB2719985)
Ενημέρωση ασφαλείας για Windows XP (KB923561)
Ενημέρωση ασφαλείας για Windows XP (KB923789)
Ενημέρωση ασφαλείας για Windows XP (KB946648)
Ενημέρωση ασφαλείας για Windows XP (KB950762)
Ενημέρωση ασφαλείας για Windows XP (KB950974)
Ενημέρωση ασφαλείας για Windows XP (KB951376-v2)
Ενημέρωση ασφαλείας για Windows XP (KB952004)
Ενημέρωση ασφαλείας για Windows XP (KB952954)
Ενημέρωση ασφαλείας για Windows XP (KB956572)
Ενημέρωση ασφαλείας για Windows XP (KB956744)
Ενημέρωση ασφαλείας για Windows XP (KB956802)
Ενημέρωση ασφαλείας για Windows XP (KB956844)
Ενημέρωση ασφαλείας για Windows XP (KB958644)
Ενημέρωση ασφαλείας για Windows XP (KB959426)
Ενημέρωση ασφαλείας για Windows XP (KB960803)
Ενημέρωση ασφαλείας για Windows XP (KB960859)
Ενημέρωση ασφαλείας για Windows XP (KB961501)
Ενημέρωση ασφαλείας για Windows XP (KB969059)
Ενημέρωση ασφαλείας για Windows XP (KB970430)
Ενημέρωση ασφαλείας για Windows XP (KB971657)
Ενημέρωση ασφαλείας για Windows XP (KB972270)
Ενημέρωση ασφαλείας για Windows XP (KB973507)
Ενημέρωση ασφαλείας για Windows XP (KB973869)
Ενημέρωση ασφαλείας για Windows XP (KB973904)
Ενημέρωση ασφαλείας για Windows XP (KB974112)
Ενημέρωση ασφαλείας για Windows XP (KB974318)
Ενημέρωση ασφαλείας για Windows XP (KB974392)
Ενημέρωση ασφαλείας για Windows XP (KB974571)
Ενημέρωση ασφαλείας για Windows XP (KB975025)
Ενημέρωση ασφαλείας για Windows XP (KB975467)
Ενημέρωση ασφαλείας για Windows XP (KB975560)
Ενημέρωση ασφαλείας για Windows XP (KB975713)
Ενημέρωση ασφαλείας για Windows XP (KB977816)
Ενημέρωση ασφαλείας για Windows XP (KB977914)
Ενημέρωση ασφαλείας για Windows XP (KB978338)
Ενημέρωση ασφαλείας για Windows XP (KB978542)
Ενημέρωση ασφαλείας για Windows XP (KB978706)
Ενημέρωση ασφαλείας για Windows XP (KB979309)
Ενημέρωση ασφαλείας για Windows XP (KB979482)
Ενημέρωση ασφαλείας για Windows XP (KB979687)
Ενημέρωση ασφαλείας για Windows XP (KB981322)
Ενημέρωση ασφαλείας για Windows XP (KB981997)
Ενημέρωση ασφαλείας για Windows XP (KB982132)
Ενημέρωση ασφαλείας για Windows XP (KB982665)
Ενημέρωση για Windows XP (KB2345886)
Ενημέρωση για Windows XP (KB2718704)
Ενημέρωση για Windows XP (KB898461)
Ενημέρωση για Windows XP (KB951978)
Ενημέρωση για Windows XP (KB955759)
Ενημέρωση για Windows XP (KB968389)
Ενημέρωση για Windows XP (KB971029)
Ενημέρωση για Windows XP (KB973815)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB2378111)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB952069)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB954155)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB973540)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB975558)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB978695)
Επείγουσα επιδιόρθωση για Windows XP (KB2633952)
Επείγουσα επιδιόρθωση για Windows XP (KB952287)
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
ASUS Enhanced Display Driver
ASUS nVIDIA Driver
BS.Player FREE
COMODO Internet Security
DAEMON Tools Pro
ESET Online Scanner v3
Hotfix for Windows XP (KB976002-v5)
IZArc 4.1.7
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
Malwarebytes Anti-Malware έκδοση 1.62.0.1300
Microsoft Application Error Reporting
Microsoft Download Manager
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 14.0.1 (x86 el)
Mozilla Maintenance Service
NVIDIA Πρόγραμμα οδήγησης γραφικών 301.42
NVIDIA Install Application
NVIDIA nView 136.27
OpenOffice.org 3.4
REALTEK GbE & FE Ethernet PCI NIC Driver
See U Camera
Skype™ 5.10
SoundMAX
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
WinZip 15.0
.
==== End Of File ===========================

#7 n1ck

  • Topic Starter
Posted 15 August 2012 - 07:41 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-15 15:38:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 ExcelStor_Technology_J8160S rev.P22OA70A
Running: 8hmr4mr9.exe; Driver: C:\DOCUME~1\nikos\LOCALS~1\Temp\pxayrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF117B824]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xF117ADD0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xF117B48A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xF117C062]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xF117DC26]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF117DFA4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xF117A7BC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xF117BA10]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xF117BC18]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xF117A5C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xF117C830]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xF117CA86]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xF117D658]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xF117B098]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xF117B666]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xF117C052]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xF117A1F0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xF117B332]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xF117A3F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xF117CC94]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xF117D0E8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xF117CEA6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xF117C5C8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xF117BE76]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xF117D944]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xF117C330]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xF117B002]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xF117B21E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xF117ABD2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xF117A9C0]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5E4D3C0, 0x9B091A, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xF1240A80]
? C:\DOCUME~1\nikos\LOCALS~1\Temp\mbr.sys Δεν είναι δυνατή η εύρεση του καθορισμένου αρχείου από το σύστημα. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[204] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[204] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[204] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[204] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[204] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[204] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[204] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[204] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[204] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[204] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[204] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[204] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[232] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[232] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\Explorer.EXE[232] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[232] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[232] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[232] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[232] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[232] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[232] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[232] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[232] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[232] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[336] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[336] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\nvsvc32.exe[336] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[336] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[336] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[336] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[336] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[336] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[336] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[336] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[336] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[336] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[424] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[424] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\csrss.exe[672] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\csrss.exe[672] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[744] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[744] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[744] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[744] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[744] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[756] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[756] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[756] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[756] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[920] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[996] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[996] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[996] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[996] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[996] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[996] rpcss.dll!WhichService 76874234 8 Bytes JMP ED501001
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1092] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 00533F00 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1092] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 0054D9A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1128] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1128] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1128] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1128] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1128] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1128] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1128] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1128] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1128] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1128] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1432] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1432] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1432] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1432] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1568] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1568] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Microsoft Security Client\msseces.exe[1568] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1568] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1568] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1568] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1568] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1568] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1568] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1568] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1568] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1568] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1588] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1588] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\spoolsv.exe[1588] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1588] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1588] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1588] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1588] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1588] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1588] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1588] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1588] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1588] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1716] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 0037D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1716] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [A6, 83]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1716] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 0038BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1716] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 0038B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1716] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00387DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1716] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0037D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00384F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00385AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1716] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 00383A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1716] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 00384390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1716] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 00388BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1716] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 00388990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1716] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00389CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1716] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 00389BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 1002AE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 1002AE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 1002A430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 1002A3E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 1002ADE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 1002A6F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 1002A480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 011BB52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ntdll.dll!LdrGetProcedureAddress 7C927CF0 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0146B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002ACC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002AA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 0146B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] GDI32.dll!SetDIBitsToDevice + 20A 77EF9E14 7 Bytes JMP 0146B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1796] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1828] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1828] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1828] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1828] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1828] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1828] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1828] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1828] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1828] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1828] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1840] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1840] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1840] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1840] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1840] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1840] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1840] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1840] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1840] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1840] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1840] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1840] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1840] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2136] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 0077FC60 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2216] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2216] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2216] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2216] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2216] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2216] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2216] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2216] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2216] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2216] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2216] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2216] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2236] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2236] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\RUNDLL32.EXE[2236] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2236] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2236] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2236] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2236] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2236] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2236] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2236] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2236] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2236] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2312] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2312] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\ctfmon.exe[2312] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2312] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2312] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2312] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2312] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2312] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2312] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2312] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2312] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2312] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3044] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3044] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3044] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3044] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3044] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3044] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3044] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3044] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3044] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3044] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3044] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3044] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3072] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3072] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\System32\alg.exe[3072] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3072] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3072] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3072] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3072] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3072] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3072] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3072] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3072] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3072] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\8hmr4mr9.exe[3592] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\8hmr4mr9.exe[3592] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\8hmr4mr9.exe[3592] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\8hmr4mr9.exe[3592] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\8hmr4mr9.exe[3592] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\8hmr4mr9.exe[3592] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\8hmr4mr9.exe[3592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\8hmr4mr9.exe[3592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\8hmr4mr9.exe[3592] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\8hmr4mr9.exe[3592] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\8hmr4mr9.exe[3592] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\8hmr4mr9.exe[3592] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\8hmr4mr9.exe[3592] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\nikos\Επιφάνεια εργασίας\8hmr4mr9.exe[3592] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 00CED080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [3D, 84]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 00CFBB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 00CFB860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00CF7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 00CED1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF4F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CF5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 00CF3A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 00CF4390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 00CF8BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 00CF8990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00CF9CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 00CF9BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] USER32.dll!DefWindowProcA + 11A 7E3AC298 7 Bytes JMP 1067C453 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] USER32.dll!SetWindowLongA + 19 7E3AC2B6 7 Bytes JMP 1067C3E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] USER32.dll!GetWindowInfo 7E3AC49C 5 Bytes JMP 1043BACC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] USER32.dll!GetMenuContextHelpId + 1A 7E3E5319 7 Bytes JMP 1043C0F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 1002AE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 1002AE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 1002A430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 1002A3E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 1002ADE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 1002A6F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 1002A480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ntdll.dll!LdrGetProcedureAddress 7C927CF0 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002ACC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002AA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9]
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] wininet.dll!InternetConnectA 40B9DEBE 5 Bytes JMP 1002A920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] wininet.dll!InternetConnectW 40B9F872 5 Bytes JMP 1002A900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] shell32.dll!ShellExecuteExW 7CA1995B 5 Bytes JMP 1002A940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] shell32.dll!ShellExecuteEx 7CA50ED5 5 Bytes JMP 1002A960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] shell32.dll!ShellExecuteA 7CA51200 5 Bytes JMP 1002A9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] shell32.dll!ShellExecuteW 7CAC5FDD 5 Bytes JMP 1002A980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] WS2_32.dll!WSASocketW 719D404E 2 Bytes JMP 1002A8C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Skype\Phone\Skype.exe[4656] WS2_32.dll!WSASocketW + 3 719D4051 4 Bytes [65, 9E, CC, CC]
.text C:\Program Files\Skype\Phone\Skype.exe[4656] WS2_32.dll!WSASocketA 719D8B6A 5 Bytes JMP 1002A8E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Γ\3Ν\3\xb3\3Η\3Α\3Ώ\3\xbd\3Ώ\3Β\3 \0ΐ\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0R\0A\0S 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3ΐ\3µ\3Ε\3Έ\3µ\3\x2015\3\xb1\3Β\3 \0ΐ\3\xb1\3Α\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3Ί\3\xad\3Δ\3Ώ\3 \0Η\3Α\3Ώ\3\xbd\3Ώ\3\x384\3Ή\3\xb1\3\xb3\3Α\3\xac\3Ό\3Ό\3\xb1\3Δ\3Ώ\3Β\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa3\3Ν\3\xbd\3\x384\3µ\3Γ\3\xb7\3 \0Δ\3\xb7\3\xbb\3µ\3Μ\3Α\3\xb1\3Γ\3\xb7\3Β\3/\0\xb2\3\x2015\3\xbd\3Δ\3µ\3Ώ\3 \0Δ\3\xb7\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t 1?
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Γ\3Ν\3\xb3\3Η\3Α\3Ώ\3\xbd\3Ώ\3Β\3 \0ΐ\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0R\0A\0S 1?
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3ΐ\3µ\3Ε\3Έ\3µ\3\x2015\3\xb1\3Β\3 \0ΐ\3\xb1\3Α\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3Ί\3\xad\3Δ\3Ώ\3 \0Η\3Α\3Ώ\3\xbd\3Ώ\3\x384\3Ή\3\xb1\3\xb3\3Α\3\xac\3Ό\3Ό\3\xb1\3Δ\3Ώ\3Β\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa3\3Ν\3\xbd\3\x384\3µ\3Γ\3\xb7\3 \0Δ\3\xb7\3\xbb\3µ\3Μ\3Α\3\xb1\3Γ\3\xb7\3Β\3/\0\xb2\3\x2015\3\xbd\3Δ\3µ\3Ώ\3 \0Δ\3\xb7\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t 1?

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\nikos\Local Settings\Application Data\Mozilla\Firefox\Profiles\g91ugp91.default\Cache\8\03\85FB2d01 213031 bytes

---- EOF - GMER 1.0.15 ----

#8 gringo_pr

Posted 15 August 2012 - 10:24 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 n1ck

Posted 15 August 2012 - 10:47 AM

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
ESET Online Scanner v3
COMODO Internet Security
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware έκδοση 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Flash Player 11.3.300.271
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

Comodo detected Security Check as malware.

Edited by n1ck, 15 August 2012 - 10:48 AM.


#10 gringo_pr

Posted 15 August 2012 - 11:00 AM

Were you able to run ComboFix?


gringo

#11 n1ck

Posted 15 August 2012 - 11:46 AM

Yes, here it is, but it said that I must install the Recovery Console. I said yes,
and it said that I can't install them.


ComboFix 12-08-14.05 - nikos 15/08/2012 19:33:55.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.1022.647 [GMT 3:00]
Running from: c:\documents and settings\nikos\+Ώώ?-Ίίώά ί±ήά?-ά?\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-07-26 08:22 . 2012-07-26 08:22 -------- d-----w- C:\NVIDIA
2012-07-24 20:08 . 2012-07-24 20:08 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 12:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-05-31 13:21 . 2006-03-02 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll
2012-07-14 00:15 . 2012-07-21 10:57 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11/3/2012 9:13 μμ 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/3/2012 9:13 μμ 31704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [25/7/2012 6:59 μμ 242240]
R1 MpKsl6b6e91ab;MpKsl6b6e91ab;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A19FA537-1DDD-4EFD-89CA-D8DBF6041FBC}\MpKsl6b6e91ab.sys [15/8/2012 5:24 μμ 29904]
R3 SNCT511;See U Camera;c:\windows\system32\drivers\snct511.sys [3/8/2012 1:58 μμ 219264]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/7/2012 1:28 μμ 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [21/7/2012 2:04 μμ 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [21/7/2012 1:57 μμ 113120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL6B6E91AB
*Deregistered* - pxayrpog
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 15:33]
.
2012-08-13 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 14:03]
.
2012-08-15 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 14:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.gr/
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\nikos\Application Data\Mozilla\Firefox\Profiles\g91ugp91.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-73887608.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 19:38
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(672)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-08-15 19:40:39
ComboFix-quarantined-files.txt 2012-08-15 16:40
.
Pre-Run: 6 Κατάλογοι 150.935.064.576 διαθέσιμα byte
Post-Run: 7 Κατάλογοι 151.364.055.040 διαθέσιμα byte
.
- - End Of File - - 98A8F4153DE3619B4F57B268EAC80035

The speed of the PC is improved.

#12 gringo_pr

Posted 15 August 2012 - 11:51 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 n1ck

Posted 15 August 2012 - 11:58 AM

19:54:48.0278 3332 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
19:54:48.0450 3332 ============================================================
19:54:48.0450 3332 Current date / time: 2012/08/15 19:54:48.0450
19:54:48.0450 3332 SystemInfo:
19:54:48.0450 3332
19:54:48.0450 3332 OS Version: 5.1.2600 ServicePack: 3.0
19:54:48.0450 3332 Product type: Workstation
19:54:48.0450 3332 ComputerName: NICK-A611B29939
19:54:48.0450 3332 UserName: nikos
19:54:48.0450 3332 Windows directory: C:\WINDOWS
19:54:48.0450 3332 System windows directory: C:\WINDOWS
19:54:48.0450 3332 Processor architecture: Intel x86
19:54:48.0450 3332 Number of processors: 2
19:54:48.0450 3332 Page size: 0x1000
19:54:48.0450 3332 Boot type: Normal boot
19:54:48.0450 3332 ============================================================
19:54:49.0794 3332 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:54:49.0794 3332 ============================================================
19:54:49.0794 3332 \Device\Harddisk0\DR0:
19:54:49.0794 3332 MBR partitions:
19:54:49.0794 3332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x132C0A77
19:54:49.0794 3332 ============================================================
19:54:49.0825 3332 C: <-> \Device\Harddisk0\DR0\Partition1
19:54:49.0825 3332 ============================================================
19:54:49.0825 3332 Initialize success
19:54:49.0825 3332 ============================================================
19:55:06.0810 0572 ============================================================
19:55:06.0810 0572 Scan started
19:55:06.0810 0572 Mode: Manual; TDLFS;
19:55:06.0810 0572 ============================================================
19:55:06.0966 0572 ================ Scan services =============================
19:55:07.0044 0572 Abiosdsk - ok
19:55:07.0060 0572 abp480n5 - ok
19:55:07.0138 0572 [ 1c3c72c504f312c19426cc7cb9ad8e98 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:55:07.0138 0572 ACPI - ok
19:55:07.0169 0572 [ 99f9466c2611e379c88fbbfc8df89b17 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:55:07.0169 0572 ACPIEC - ok
19:55:07.0216 0572 [ d392183cc5379e302e50ceba635248eb ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
19:55:07.0216 0572 ADIHdAudAddService - ok
19:55:07.0294 0572 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:55:07.0294 0572 AdobeFlashPlayerUpdateSvc - ok
19:55:07.0310 0572 adpu160m - ok
19:55:07.0356 0572 [ 9f59ae2de835641fbb0c6afd80d8fa9b ] AEAudioService C:\WINDOWS\system32\drivers\AEAudio.sys
19:55:07.0356 0572 AEAudioService - ok
19:55:07.0388 0572 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:55:07.0388 0572 aec - ok
19:55:07.0450 0572 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:55:07.0450 0572 AFD - ok
19:55:07.0466 0572 Aha154x - ok
19:55:07.0497 0572 aic78u2 - ok
19:55:07.0528 0572 aic78xx - ok
19:55:07.0575 0572 [ 2d60f4a987fb1d39281efd8c4fd0a298 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:55:07.0575 0572 Alerter - ok
19:55:07.0606 0572 [ 9e2814734be84f8395fb45c16db6f17b ] ALG C:\WINDOWS\System32\alg.exe
19:55:07.0606 0572 ALG - ok
19:55:07.0622 0572 AliIde - ok
19:55:07.0638 0572 amsint - ok
19:55:07.0669 0572 AppMgmt - ok
19:55:07.0700 0572 asc - ok
19:55:07.0731 0572 asc3350p - ok
19:55:07.0747 0572 asc3550 - ok
19:55:07.0810 0572 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:55:07.0810 0572 AsyncMac - ok
19:55:07.0841 0572 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:55:07.0841 0572 atapi - ok
19:55:07.0856 0572 Atdisk - ok
19:55:07.0903 0572 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:55:07.0903 0572 Atmarpc - ok
19:55:07.0935 0572 [ be097d45f15d94690e94c9a2af1c5730 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:55:07.0935 0572 AudioSrv - ok
19:55:07.0981 0572 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:55:07.0981 0572 audstub - ok
19:55:08.0028 0572 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:55:08.0028 0572 Beep - ok
19:55:08.0091 0572 [ abdc5cf759c736dfbfeb031fdc01e303 ] BITS C:\WINDOWS\system32\qmgr.dll
19:55:08.0106 0572 BITS - ok
19:55:08.0138 0572 [ 9adff48255bfc005805e1886ed9ed8ce ] Browser C:\WINDOWS\System32\browser.dll
19:55:08.0153 0572 Browser - ok
19:55:08.0231 0572 catchme - ok
19:55:08.0263 0572 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:55:08.0263 0572 cbidf2k - ok
19:55:08.0310 0572 [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:55:08.0310 0572 CCDECODE - ok
19:55:08.0325 0572 cd20xrnt - ok
19:55:08.0356 0572 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:55:08.0356 0572 Cdaudio - ok
19:55:08.0388 0572 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:55:08.0388 0572 Cdfs - ok
19:55:08.0435 0572 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:55:08.0435 0572 Cdrom - ok
19:55:08.0450 0572 Changer - ok
19:55:08.0513 0572 [ be6f88236ba32f780cd93bbcaf54ae32 ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:55:08.0513 0572 CiSvc - ok
19:55:08.0528 0572 [ bc6c0dbfb19d610d9b1e996f4452b161 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:55:08.0528 0572 ClipSrv - ok
19:55:08.0685 0572 [ 907324001ae25ac5959c91eaa34cabae ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
19:55:08.0700 0572 cmdAgent - ok
19:55:08.0731 0572 [ bee235831f8e3f0baaca18b39d285cf5 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
19:55:08.0731 0572 cmdGuard - ok
19:55:08.0763 0572 [ de548946f36cab62fec2e6aa0149a619 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
19:55:08.0763 0572 cmdHlp - ok
19:55:08.0778 0572 CmdIde - ok
19:55:08.0810 0572 COMSysApp - ok
19:55:08.0856 0572 Cpqarray - ok
19:55:08.0919 0572 [ f50f73977012f0f5cf807451b79b6736 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:55:08.0919 0572 CryptSvc - ok
19:55:08.0935 0572 dac2w2k - ok
19:55:08.0966 0572 dac960nt - ok
19:55:09.0028 0572 [ b5f06957525d494d2c261b5739367524 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:55:09.0028 0572 DcomLaunch - ok
19:55:09.0091 0572 [ 94c7ee99425bc8342d2991a915d8a8a9 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:55:09.0091 0572 Dhcp - ok
19:55:09.0106 0572 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:55:09.0106 0572 Disk - ok
19:55:09.0122 0572 dmadmin - ok
19:55:09.0200 0572 [ fd983f66eeb5245ef9b28ea3444b2e20 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:55:09.0200 0572 dmboot - ok
19:55:09.0247 0572 [ a732fc0d3b930e2539018eb8ec9314c2 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:55:09.0247 0572 dmio - ok
19:55:09.0278 0572 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:55:09.0278 0572 dmload - ok
19:55:09.0325 0572 [ f78d2a217be961a73bbcba8c502746f6 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:55:09.0325 0572 dmserver - ok
19:55:09.0356 0572 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:55:09.0356 0572 DMusic - ok
19:55:09.0388 0572 [ f99be5941b69dc781c1c5a5d71280469 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:55:09.0388 0572 Dnscache - ok
19:55:09.0435 0572 [ aef153dbe79177f71b03aa013fa237a2 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:55:09.0435 0572 Dot3svc - ok
19:55:09.0450 0572 dpti2o - ok
19:55:09.0481 0572 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:55:09.0481 0572 drmkaud - ok
19:55:09.0575 0572 [ 687af6bb383885ff6a64071b189a7f3e ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
19:55:09.0575 0572 dtsoftbus01 - ok
19:55:09.0606 0572 [ dfd142289bbe62fe420b018a33ce6104 ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:55:09.0606 0572 EapHost - ok
19:55:09.0653 0572 [ 94f58ec326a57bbe8e81636b9b583578 ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:55:09.0653 0572 ERSvc - ok
19:55:09.0700 0572 [ 2a0bb5c67281c423f8d7d6b7d79699ac ] Eventlog C:\WINDOWS\system32\services.exe
19:55:09.0700 0572 Eventlog - ok
19:55:09.0731 0572 [ c35df6d336ebcb2f5e8d817a531ba666 ] EventSystem C:\WINDOWS\system32\es.dll
19:55:09.0747 0572 EventSystem - ok
19:55:09.0778 0572 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:55:09.0778 0572 Fastfat - ok
19:55:09.0825 0572 [ caae78d8d1009415ab67c11b03a0793f ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:55:09.0825 0572 FastUserSwitchingCompatibility - ok
19:55:09.0856 0572 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
19:55:09.0856 0572 Fdc - ok
19:55:09.0888 0572 [ 418d3078a9b107de75c9ba9b56cba035 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:55:09.0888 0572 Fips - ok
19:55:09.0919 0572 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:55:09.0919 0572 Flpydisk - ok
19:55:09.0966 0572 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:55:09.0966 0572 FltMgr - ok
19:55:09.0981 0572 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:55:09.0981 0572 Fs_Rec - ok
19:55:10.0013 0572 [ 9c798fdc0d53dfba6f4c4059a11fbfe8 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:55:10.0013 0572 Ftdisk - ok
19:55:10.0044 0572 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:55:10.0044 0572 Gpc - ok
19:55:10.0075 0572 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:55:10.0075 0572 HDAudBus - ok
19:55:10.0153 0572 [ a8555880aa97c410dcea531b4799fa11 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:55:10.0153 0572 helpsvc - ok
19:55:10.0169 0572 HidServ - ok
19:55:10.0216 0572 [ ccf82c5ec8a7326c3066de870c06daf1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:55:10.0216 0572 hidusb - ok
19:55:10.0263 0572 [ 0c71805b04e14fd1ae2ed3938f4f2d05 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:55:10.0263 0572 hkmsvc - ok
19:55:10.0278 0572 hpn - ok
19:55:10.0341 0572 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:55:10.0341 0572 HTTP - ok
19:55:10.0388 0572 [ 4e71fdac76e5e9ed1c88dc3fb16e301d ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:55:10.0388 0572 HTTPFilter - ok
19:55:10.0403 0572 i2omgmt - ok
19:55:10.0435 0572 i2omp - ok
19:55:10.0481 0572 [ f8d6633482e0bd81766c74441b134fdf ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:55:10.0481 0572 i8042prt - ok
19:55:10.0497 0572 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:55:10.0497 0572 Imapi - ok
19:55:10.0560 0572 [ 2471854671044613a324486986236fff ] ImapiService C:\WINDOWS\system32\imapi.exe
19:55:10.0560 0572 ImapiService - ok
19:55:10.0591 0572 ini910u - ok
19:55:10.0653 0572 [ f89849cf13805ef49da64a8a63193af7 ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys
19:55:10.0653 0572 Inspect - ok
19:55:10.0669 0572 IntelIde - ok
19:55:10.0731 0572 [ bb055e429e9f54aa3fba2dd33beb0935 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:55:10.0731 0572 intelppm - ok
19:55:10.0747 0572 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:55:10.0763 0572 Ip6Fw - ok
19:55:10.0794 0572 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:55:10.0794 0572 IpFilterDriver - ok
19:55:10.0825 0572 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:55:10.0825 0572 IpInIp - ok
19:55:10.0856 0572 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:55:10.0856 0572 IpNat - ok
19:55:10.0888 0572 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:55:10.0888 0572 IPSec - ok
19:55:10.0919 0572 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:55:10.0919 0572 IRENUM - ok
19:55:10.0966 0572 [ d3715a2dba29215be59dcfc11294d493 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:55:10.0966 0572 isapnp - ok
19:55:11.0028 0572 [ 4f2143570d2250ca4c4a4c98553c82cd ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
19:55:11.0028 0572 JavaQuickStarterService - ok
19:55:11.0060 0572 [ af1fd8035b4a34eaf25f8bb1cd3c95ff ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:55:11.0060 0572 Kbdclass - ok
19:55:11.0091 0572 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:55:11.0091 0572 kmixer - ok
19:55:11.0122 0572 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:55:11.0122 0572 KSecDD - ok
19:55:11.0153 0572 [ 3ba436c67cdbd9b8d7a48e0b698ca937 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:55:11.0169 0572 lanmanserver - ok
19:55:11.0216 0572 [ 5709251cf3b95ccde29e3e04c96c6dd6 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:55:11.0216 0572 lanmanworkstation - ok
19:55:11.0231 0572 lbrtfdc - ok
19:55:11.0325 0572 [ 429f8a7802c1e7d8254c1ee7b70499e3 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:55:11.0325 0572 LmHosts - ok
19:55:11.0356 0572 [ e5d6246619cdf5abc631d3600aaf1dad ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:55:11.0356 0572 Messenger - ok
19:55:11.0403 0572 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:55:11.0403 0572 mnmdd - ok
19:55:11.0450 0572 [ dc6f63935b77436ac4edeef59025cdc9 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:55:11.0450 0572 mnmsrvc - ok
19:55:11.0481 0572 [ 4c84460a6bc9a5bf60555c04be55792e ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:55:11.0481 0572 Modem - ok
19:55:11.0513 0572 [ 6be02786a7c13cceae728298effa0730 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:55:11.0513 0572 Mouclass - ok
19:55:11.0560 0572 [ 89ddb41a54ddf8b3e5b7b9e92ed23a50 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:55:11.0560 0572 mouhid - ok
19:55:11.0606 0572 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:55:11.0606 0572 MountMgr - ok
19:55:11.0669 0572 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:55:11.0669 0572 MozillaMaintenance - ok
19:55:11.0700 0572 [ d993bea500e7382dc4e760bf4f35efcb ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
19:55:11.0700 0572 MpFilter - ok
19:55:11.0794 0572 [ a69630d039c38018689190234f866d77 ] MpKsl6b6e91ab c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A19FA537-1DDD-4EFD-89CA-D8DBF6041FBC}\MpKsl6b6e91ab.sys
19:55:11.0794 0572 MpKsl6b6e91ab - ok
19:55:11.0810 0572 mraid35x - ok
19:55:11.0856 0572 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:55:11.0856 0572 MRxDAV - ok
19:55:11.0919 0572 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:55:11.0919 0572 MRxSmb - ok
19:55:11.0966 0572 [ 3d3535f73a38beb3e4491e2c0459f77d ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:55:11.0966 0572 MSDTC - ok
19:55:11.0981 0572 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:55:11.0981 0572 Msfs - ok
19:55:12.0013 0572 MSIServer - ok
19:55:12.0075 0572 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:55:12.0075 0572 MSKSSRV - ok
19:55:12.0153 0572 [ 24516bf4e12a46cb67302e2cdcb8cddf ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:55:12.0153 0572 MsMpSvc - ok
19:55:17.0966 0572 ================ Scan global ===============================
19:55:17.0997 0572 (e8944eec78ec2fe5f3a613ddf201c815) C:\WINDOWS\system32\basesrv.dll
19:55:18.0044 0572 (d516d93886e734efbcf80af943b9be79) C:\WINDOWS\system32\winsrv.dll
19:55:18.0044 0572 (d516d93886e734efbcf80af943b9be79) C:\WINDOWS\system32\winsrv.dll
19:55:18.0060 0572 (2a0bb5c67281c423f8d7d6b7d79699ac) C:\WINDOWS\system32\services.exe
19:55:18.0075 0572 [Global] - ok
19:55:18.0075 0572 ================ Scan MBR ==================================
19:55:18.0106 0572 MBR (0x1B8) (3c27c0429156adc19e0f46af77cd22d7) \Device\Harddisk0\DR0
19:55:18.0294 0572 \Device\Harddisk0\DR0 - ok
19:55:18.0294 0572 ================ Scan VBR ==================================
19:55:18.0310 0572 Boot (0x1200) (a16f7632244632c6ec297b1034a04555) \Device\Harddisk0\DR0\Partition1
19:55:18.0310 0572 \Device\Harddisk0\DR0\Partition1 - ok
19:55:18.0325 0572 ============================================================
19:55:18.0325 0572 Scan finished
19:55:18.0325 0572 ============================================================
19:55:18.0372 0552 Detected object count: 0
19:55:18.0372 0552 Actual detected object count: 0
19:56:31.0216 2052 Deinitialize success

#14 gringo_pr


Posted 15 August 2012 - 12:06 PM

Hello n1ck

Did you get to run the aswMBR report?


gringo

#15 n1ck


Posted 15 August 2012 - 12:10 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-15 19:56:53
-----------------------------
19:56:53.747 OS Version: Windows 5.1.2600 Service Pack 3
19:56:53.747 Number of processors: 2 586 0x604
19:56:53.747 ComputerName: NICK-A611B29939 UserName: nikos
19:56:57.185 Initialize success
19:58:43.106 AVAST engine defs: 12081503
19:58:59.856 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
19:58:59.856 Disk 0 Vendor: ExcelStor_Technology_J8160S P22OA70A Size: 157066MB BusType: 3
19:58:59.888 Disk 0 MBR read successfully
19:58:59.888 Disk 0 MBR scan
19:58:59.935 Disk 0 Windows XP default MBR code
19:58:59.966 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 157057 MB offset 63
19:58:59.981 Disk 0 scanning sectors +321653430
19:59:00.200 Disk 0 scanning C:\WINDOWS\system32\drivers
19:59:43.997 Service scanning
19:59:49.622 Service MpKsl6b6e91ab c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A19FA537-1DDD-4EFD-89CA-D8DBF6041FBC}\MpKsl6b6e91ab.sys **LOCKED** 32
19:59:57.747 Modules scanning
20:00:45.481 Disk 0 trace - called modules:
20:00:45.513 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:00:45.513 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86733ab8]
20:00:45.513 3 CLASSPNP.SYS[f7650fd7] -> nt!IofCallDriver -> \Device\00000063[0x866b9f18]
20:00:45.513 5 ACPI.sys[f74e6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x866eed98]
20:00:45.997 AVAST engine scan C:\WINDOWS
20:01:34.544 AVAST engine scan C:\WINDOWS\system32
20:05:43.763 AVAST engine scan C:\WINDOWS\system32\drivers
20:06:34.028 AVAST engine scan C:\Documents and Settings\nikos
20:09:08.716 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\nikos\Επιφάνεια εργασίας\MBR.dat"
20:09:08.747 The log file has been saved successfully to "C:\Documents and Settings\nikos\Επιφάνεια εργασίας\aswMBR.txt"



