Solved recycle bin on drive C: is corrupted

Discussion in 'Malware and Virus Removal Archive' started by 810311, 2011/01/20.

  1. 2011/01/22
    810311 Inactive Thread Starter

    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0065CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0064CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0065CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0065CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0065CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0065CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0065C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0065CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0065CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0065C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0065CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0065CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0065CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0065C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0065A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0064CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0065CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0065CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0065CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0065CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0065CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0065CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00657790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00658320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0065CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0065CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0065CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0065CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0065CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0065CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0065CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0065CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0065CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0065CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0065CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0065CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0065CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0065CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0065CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0065CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0065CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0065CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0065CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0065CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0065D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [87, 88, CC, CC]
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 006562C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0065D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00656BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0065DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0065DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0065E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0065C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0065C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0065CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2128] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0065C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 008ECE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 008DCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 008ECDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008ECE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 008ECE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 008ECE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 008EC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 008ECDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 008ECDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008EC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 008ECD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 008ECD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 008ECE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 008EC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008EA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008DCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 008ECD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008ECC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008ECA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 008ECCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008ECCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008ECA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008E7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008E8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008ECD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008ECA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 008ECAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 008ECAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008ECC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 008ECB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 008ECBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 008ECCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 008ECBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 008ECC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 008ECC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 008ECB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 008ECAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 008ECB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 008ECBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 008ECB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 008ECB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 008ECC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008ECA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 008ECD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 008ED830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [B0, 88, CC, CC] {MOV AL, 0x88; INT 3 ; INT 3 }
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 008E62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 008ED590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 008E6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 008EDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 008EDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 008EE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 008EE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 008EE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 008EC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 008EC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 008ECA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2168] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 008EC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
  2. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 008FCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 008ECD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 008FCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008FCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 008FCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 008FCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 008FC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 008FCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 008FCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008FC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 008FCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 008FCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 008FCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 008FC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008FA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008ECE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 008FCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008FCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008FCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 008FCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008FCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008FCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008F7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008F8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008FCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008FCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 008FCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 008FCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008FCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 008FCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 008FCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 008FCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 008FCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 008FCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 008FCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 008FCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 008FCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 008FCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 008FCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 008FCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 008FCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 008FCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008FCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 008FCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 008FD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [B1, 88, CC, CC] {MOV CL, 0x88; INT 3 ; INT 3 }
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 008F62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 008FD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 008F6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 008FDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 008FDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 008FE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 008FE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 008FE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 008FC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 008FC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 008FCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2188] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 008FC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2216] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     

  4. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005DCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005CCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005DCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 005DCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 005DCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 005DCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 005DC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 005DCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 005DCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 005DC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 005DCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 005DCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 005DCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 005DC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005DA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 005CCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 005DCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005DCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005DCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005DCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005DCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005DCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 005D7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005D8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005DCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005DCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 005DCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 005DCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 005DCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 005DCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 005DCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 005DCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 005DCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 005DCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 005DCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 005DCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 005DCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 005DCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 005DCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 005DCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 005DCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 005DCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005DCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 005DCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 005DD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [7F, 88, CC, CC] {JG 0xffffffffffffff8a; INT 3 ; INT 3 }
    .text C:\WINDOWS\system32\svchost.exe[2280] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 005D62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 005DD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 005D6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 005DDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 005DDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 005DE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[2280] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 005DE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 005DE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 005DC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 005DC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 005DCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2280] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 005DC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0064CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0063CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0064CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0064CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0064CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0064CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0064C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0064CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0064CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0064C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0064CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0064CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0064CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0064C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0064A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0063CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0064CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0064CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0064CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0064CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0064CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0064CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00647790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00648320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0064CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0064CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0064CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0064CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0064CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0064CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0064CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0064CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0064CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0064CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0064CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0064CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0064CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0064CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0064CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0064CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0064CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0064CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0064CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0064CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0064D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [86, 88, CC, CC]
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 006462C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0064D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00646BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0064DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0064DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0064C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0064C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0064CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0064C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0064E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 0064C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe[2416] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0064C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
  5. 2011/01/22
    810311 Inactive Thread Starter

    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0039CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0038CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0039CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0039CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0039CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0039CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0039C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0039CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0039CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0039C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0039CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0039CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0039CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0039C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0039A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0038CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0039CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0039CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0039CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0039CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0039CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00398320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0039CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0039CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0039CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0039CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0039CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0039CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0039CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0039CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0039CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0039CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0039CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0039CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0039CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0039CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0039CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0039CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0039D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [5B, 88, CC, CC] {POP EBX; MOV AH, CL; INT 3 }
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003962C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0039D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00396BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0039DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0039DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0039E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0039C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0039C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0039CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2424] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0039C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
    .text C:\WINDOWS\System32\alg.exe[2600] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2600] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
  6. 2011/01/22
    810311
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0060CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005FCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0060CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0060CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0060CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0060CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0060C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0060CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0060CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0060C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0060CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0060CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0060CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0060C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0060A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 005FCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0060CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0060CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0060CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0060CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0060CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0060CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00607790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00608320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0060CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0060CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0060CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0060CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0060CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0060CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0060CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0060CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0060CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0060CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0060CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0060CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0060CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0060CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0060CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0060CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0060CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0060CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0060CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0060CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0060E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 0060E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0060D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [82, 88, CC, CC]
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 006062C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0060D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00606BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0060DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0060DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0060E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2628] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0060C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0060C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0060CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2628] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0060C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0093CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0092CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0093CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0093CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0093CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0093CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0093C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0093CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0093CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0093C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0093CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0093CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0093C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0093A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0092CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0093CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0093CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0093CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0093CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0093CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0093CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00938320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0093CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0093CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0093CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0093CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0093CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0093CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0093CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0093CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0093CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0093CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0093CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0093CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0093CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0093CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0093CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0093CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0093D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [B5, 88, CC, CC] {MOV CH, 0x88; INT 3 ; INT 3 }
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 009362C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0093D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00936BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0093DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0093DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0093E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0093C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0093C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0093CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0093C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0093E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 0093E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 0093C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2792] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0093C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
  7. 2011/01/22
    810311

    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2880] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005DCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005CCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005DCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 005DCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 005DCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 005DCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 005DC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 005DCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 005DCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 005DC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 005DCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 005DCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 005DCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 005DC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005DA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 005CCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 005DCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005DCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005DCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005DCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005DCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005DCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 005D7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005D8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005DCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005DCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 005DCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 005DCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 005DCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 005DCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 005DCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 005DCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 005DCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 005DCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 005DCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 005DCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 005DCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 005DCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 005DCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 005DCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 005DCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 005DCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005DCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 005DCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 005DD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [7F, 88, CC, CC] {JG 0xffffffffffffff8a; INT 3 ; INT 3 }
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 005D62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 005DD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 005D6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 005DDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 005DDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 005DE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 005DE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 005DE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 005DC920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 005DC940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 005DC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 005DC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 005DCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3000] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 005DC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
  8. 2011/01/22
    810311

    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
    .text C:\Program Files\Apoint\HidFind.exe[4104] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\HidFind.exe[4104] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] shell32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] shell32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] shell32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] shell32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
  9. 2011/01/22
    810311
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00A1CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A0CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A1CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A1CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A1CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00A1CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00A1C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00A1CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00A1CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A1C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00A1CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00A1CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A1CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00A1C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A1A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A0CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 00A1CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A1CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A1CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00A1CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A1CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A1CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A17790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A18320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A1CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A1CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00A1CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00A1CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A1CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00A1CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A1CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00A1CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00A1CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A1CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A1CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00A1CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00A1CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00A1CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A1CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00A1CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00A1CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00A1CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A1CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00A1CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00A1E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Apoint\Apntex.exe[4248] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 00A1D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [C3, 88, CC, CC] {RET ; MOV AH, CL; INT 3 }
    .text C:\Program Files\Apoint\Apntex.exe[4248] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00A162C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 00A1D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00A16BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 00A1DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 00A1DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 00A1C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 00A1C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 00A1CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apntex.exe[4248] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 00A1C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002C750 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Google Talk\googletalk.exe[4264] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
  10. 2011/01/22
    810311 Inactive Thread Starter

    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00A3CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A2CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A3CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A3CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A3CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00A3CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00A3C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00A3CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00A3CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00A3CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00A3CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A3CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00A3C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A3A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A2CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 00A3CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A3CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A3CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00A3CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A3CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A3CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A38320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A3CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A3CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00A3CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00A3CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A3CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00A3CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A3CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A3CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00A3CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00A3CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A3CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00A3CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00A3CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00A3CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A3CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00A3CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 00A3D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [C5, 88, CC, CC]
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00A362C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 00A3D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00A36BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 00A3DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 00A3DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00A3E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 00A3C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 00A3C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 00A3CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 00A3C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00A3E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 00A3E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 3 Bytes JMP 0091CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtAllocateVirtualMemory + 4 7C90CF72 1 Byte [84]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0090CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes JMP 0091CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtCreateFile + 4 7C90D0B2 1 Byte [84]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 0091CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtCreateProcessEx 7C90D15E 3 Bytes JMP 0091CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtCreateProcessEx + 4 7C90D162 1 Byte [84]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes JMP 0091CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtDeleteFile + 4 7C90D242 1 Byte [84]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtFreeVirtualMemory 7C90D38E 3 Bytes JMP 0091C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtFreeVirtualMemory + 4 7C90D392 1 Byte [84]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes JMP 0091CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtLoadDriver + 4 7C90D472 1 Byte [84]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes JMP 0091CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtOpenFile + 4 7C90D5A2 1 Byte [84]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtSetInformationProcess 7C90DC9E 3 Bytes JMP 0091CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtSetInformationProcess + 4 7C90DCA2 1 Byte [84]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtUnloadDriver 7C90DEBE 3 Bytes JMP 0091CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtUnloadDriver + 4 7C90DEC2 1 Byte [84]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes JMP 0091CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 1 Byte [84]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!RtlAllocateHeap 7C9100C4 3 Bytes JMP 0091C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!RtlAllocateHeap + 4 7C9100C8 1 Byte [84]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!LdrLoadDll 7C9163C3 3 Bytes JMP 0091A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!LdrLoadDll + 4 7C9163C7 1 Byte [84]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0090CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0091CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0091CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0091CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0091CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0091CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0091CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00918320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0091CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0091CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0091CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0091CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0091CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0091CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0091CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0091CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0091CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0091CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0091CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0091CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0091CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0091CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0091CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0091CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0091D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [B3, 88, CC, CC] {MOV BL, 0x88; INT 3 ; INT 3 }
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 009162C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0091D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00916BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0091DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0091DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0091E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0091C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0091C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0091CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0091C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 0091C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 0091C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft Security Client\msseces.exe[4536] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0091E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
  11. 2011/01/22
    810311

    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0051CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0050CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0051CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0051CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0051CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0051CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0051C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0051CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0051CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0051C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0051CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0051CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0051CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0051C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0051A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0050CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0051CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0051CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0051CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0051CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0051CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0051CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00518320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0051CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0051CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0051CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0051CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0051CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0051CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0051CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0051CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0051CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0051CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0051CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0051CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0051CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0051CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0051CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0051CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0051D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [73, 88, CC, CC] {JAE 0xffffffffffffff8a; INT 3 ; INT 3 }
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 005162C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0051D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00516BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0051DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0051DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0051E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\ctfmon.exe[4888] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0051C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0051C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0051CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0051C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0051E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[4888] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 0051E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9DD9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9DD9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DD97F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9DD97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9DD97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9DD9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9DD9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DD97F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DD97F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9DD97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9DD9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9DD9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9DD97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9DD97F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9DD9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9DD9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9DD9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9DD9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9DD97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DD97F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9DD97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9DD9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9DD9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B9DD9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B9DD9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DD97F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B9DD97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [B9DD9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [B9DD97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [B9DD9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DD97F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9DD97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DD97F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9DD9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9DD9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
     
  12. 2011/01/22
    810311

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\Explorer.EXE[1704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02A92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02A92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02A92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02A92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Apoint\HidFind.exe[4104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Apoint\HidFind.exe[4104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Apoint\HidFind.exe[4104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Apoint\HidFind.exe[4104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe[4208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Apoint\Apntex.exe[4248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Apoint\Apntex.exe[4248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Apoint\Apntex.exe[4248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Apoint\Apntex.exe[4248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Google\Google Talk\googletalk.exe[4264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Google\Google Talk\googletalk.exe[4264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Google\Google Talk\googletalk.exe[4264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Google\Google Talk\googletalk.exe[4264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C82F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C82CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C82D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[4352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C82CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Microsoft Security Client\msseces.exe[4536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D32F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Microsoft Security Client\msseces.exe[4536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D32CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Microsoft Security Client\msseces.exe[4536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D32D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Microsoft Security Client\msseces.exe[4536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D32CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[4888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BB2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[4888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BB2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[4888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BB2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[4888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BB2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

    Device \FileSystem\Fastfat \Fat B1B98D20

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC2F378D-3371-11F1-C66B-6FA2D3FFA350}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC2F378D-3371-11F1-C66B-6FA2D3FFA350}@iafplbalkmabgficgi 0x69 0x61 0x6C 0x66 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC2F378D-3371-11F1-C66B-6FA2D3FFA350}@hahonaclildhmomj 0x69 0x61 0x6C 0x66 ...

    ---- EOF - GMER 1.0.15 ----
     
  13. 2011/01/22
    810311

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 165):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xB9F4A000 pcmcia.sys
    0xBA0B8000 MountMgr.sys
    0xB9F2B000 ftdisk.sys
    0xB9F05000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xB9EED000 atapi.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9ECD000 fltmgr.sys
    0xB9EBB000 sr.sys
    0xB9EA5000 DRVMCDB.SYS
    0xBA0F8000 PxHelp20.sys
    0xB9E8E000 KSecDD.sys
    0xB9E7B000 WudfPf.sys
    0xB9DEE000 Ntfs.sys
    0xB9DD8000 inspect.sys
    0xB9DAB000 \WINDOWS\System32\DRIVERS\NDIS.SYS
    0xBA338000 \WINDOWS\System32\DRIVERS\TDI.SYS
    0xBA340000 pbadrv.sys
    0xBA108000 ohci1394.sys
    0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9D91000 Mup.sys
    0xBA138000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB9738000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA580000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xBA584000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xB933A000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB9326000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB92FE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB926A000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xB9247000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xBA418000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB9223000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA420000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB9728000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xB9208000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0xBA428000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA430000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB9718000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA5A0000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB9708000 \SystemRoot\system32\DRIVERS\smcirda.sys
    0xBA5A4000 \SystemRoot\system32\DRIVERS\irenum.sys
    0xB96F8000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA5D2000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xB96E8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB96D8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB91BD000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA723000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA438000 \SystemRoot\system32\DRIVERS\rasirda.sys
    0xBA178000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB9D51000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB91A6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA188000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA198000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB9195000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA1A8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA440000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA448000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB9165000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA1B8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA5EE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB9107000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9D20000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA1C8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB6FCF000 \SystemRoot\system32\drivers\sthda.sys
    0xB6FAB000 \SystemRoot\system32\drivers\portcls.sys
    0xBA1E8000 \SystemRoot\system32\drivers\drmk.sys
    0xB6F71000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0xB6E7A000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0xB6DC4000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0xBA450000 \SystemRoot\System32\Drivers\Modem.SYS
    0xBA248000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA602000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB91E0000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xB6D75000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0xB6D3C000 \SystemRoot\System32\DRIVERS\cmdguard.sys
    0xBA5AE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA711000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5B0000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA4A0000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
    0xBA4A8000 \SystemRoot\System32\drivers\vga.sys
    0xBA5B2000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5B4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA4B0000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA350000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB6D9C000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB6D09000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB6CB0000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xBA370000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
    0xB6C62000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB6C3A000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xBA298000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB6C18000 \SystemRoot\System32\drivers\afd.sys
    0xBA2A8000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xBA2B8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB6B56000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xBA378000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xB6B2B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB6ABB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA388000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{170F59AD-C713-4820-BFE9-5AB383B31FF1}\MpKsl9d7b49e3.sys
    0xBA390000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{170F59AD-C713-4820-BFE9-5AB383B31FF1}\MpKsl470108f2.sys
    0xBA2C8000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB90FF000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
    0xBA398000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
    0xBA2D8000 \SystemRoot\System32\Drivers\WDFLDR.SYS
    0xB6A3F000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xB90FB000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA2E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA3A0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA308000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBA148000 \SystemRoot\System32\Drivers\oz776.sys
    0xB90E7000 \SystemRoot\System32\Drivers\SMCLIB.SYS
    0xBA3B0000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0xB90E3000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xBA3B8000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0xBA3C0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB96B8000 \SystemRoot\system32\drivers\LVUSBSta.sys
    0xB67A5000 \SystemRoot\system32\DRIVERS\LV302V32.SYS
    0xBA5C0000 \SystemRoot\system32\DRIVERS\lv302af.sys
    0xB96A8000 \SystemRoot\system32\drivers\usbaudio.sys
    0xB670D000 \SystemRoot\system32\DRIVERS\lvrs.sys
    0xB66F5000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA5C2000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xBA578000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA3C8000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA736000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB96C8000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xBA722000 \SystemRoot\System32\DLA\DLADResN.SYS
    0xB569E000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xBA558000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xBA5D8000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xBA3D8000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xB5686000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xB5670000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xB4CCA000 \SystemRoot\system32\DRIVERS\irda.sys
    0xB554C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB4A0D000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB4B32000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB47D2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB55A8000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    0xB4662000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB464A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xB3BD1000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB6595000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
    0xB23B7000 \??\C:\DOCUME~1\SERGEI~1\LOCALS~1\Temp\pftoapod.sys
    0xB1B91000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB4586000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 62):
    0 System Idle Process
    4 System
    872 C:\WINDOWS\system32\smss.exe
    948 csrss.exe
    972 C:\WINDOWS\system32\winlogon.exe
    1016 C:\WINDOWS\system32\services.exe
    1044 C:\WINDOWS\system32\lsass.exe
    1228 C:\WINDOWS\system32\svchost.exe
    1300 svchost.exe
    1444 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    1480 C:\WINDOWS\system32\svchost.exe
    1512 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    1656 C:\WINDOWS\system32\svchost.exe
    1928 svchost.exe
    320 C:\WINDOWS\system32\WLTRYSVC.EXE
    332 C:\WINDOWS\system32\BCMWLTRY.EXE
    376 C:\WINDOWS\system32\spoolsv.exe
    436 scardsvr.exe
    1704 C:\WINDOWS\explorer.exe
    1856 svchost.exe
    1904 C:\xampp\apache\bin\httpd.exe
    2032 C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    216 C:\Program Files\Java\jre6\bin\jqs.exe
    304 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    620 C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
    740 C:\WINDOWS\system32\rundll32.exe
    860 C:\WINDOWS\stsystra.exe
    804 C:\Program Files\Dell\QuickSet\quickset.exe
    2116 C:\xampp\apache\bin\httpd.exe
    2128 C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    2168 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    2188 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    2216 C:\WINDOWS\system32\nvsvc32.exe
    2280 C:\WINDOWS\system32\svchost.exe
    2416 C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    2880 C:\WINDOWS\system32\wscntfy.exe
    3000 wmiprvse.exe
    688 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    836 C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
    2424 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    2792 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    1428 C:\Program Files\Apoint\Apoint.exe
    2600 alg.exe
    4104 C:\Program Files\Apoint\hidfind.exe
    4248 C:\Program Files\Apoint\ApntEx.exe
    4264 C:\Program Files\Google\Google Talk\googletalk.exe
    4352 C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    4536 C:\Program Files\Microsoft Security Client\msseces.exe
    4888 C:\WINDOWS\system32\ctfmon.exe
    4208 C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe
    2304 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    5040 C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2644 C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    4392 C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    4648 C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2796 C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    1732 C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    5008 C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    4972 C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    5824 C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    5928 wmiprvse.exe
    6116 C:\Documents and Settings\Sergei Prigara\My Documents\downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

    PhysicalDrive0 Model Number: <error opening>

    Size Device Name MBR Status
    --------------------------------------------
    ERROR Opening: \\.\PhysicalDrive0 (32)


    Done!
     
  14. 2011/01/22
    810311

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/5/2007 7:55:36 PM
    System Uptime: 1/22/2011 5:41:24 PM (5 hours ago)

    Motherboard: Dell Inc. | | 0JF242
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1994/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 93 GiB total, 67.585 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP14: 1/6/2011 4:36:56 PM - Removed Skype™ 5.0
    RP15: 1/7/2011 12:04:11 PM - Software Distribution Service 3.0
    RP16: 1/7/2011 3:57:07 PM - Installed COMODO Internet Security
    RP17: 1/8/2011 5:31:23 PM - Software Distribution Service 3.0
    RP18: 1/8/2011 9:24:16 PM - Installed Windows XP Service Pack 3.
    RP19: 1/8/2011 9:30:35 PM - Installed Windows XP KB950762.
    RP20: 1/8/2011 9:31:45 PM - Installed Windows XP KB951376.
    RP21: 1/8/2011 9:32:48 PM - Installed Windows XP KB951376-v2.
    RP22: 1/8/2011 9:33:49 PM - Installed Windows XP KB951698.
    RP23: 1/9/2011 12:17:53 AM - Software Distribution Service 3.0
    RP24: 1/9/2011 6:57:59 PM - Software Distribution Service 3.0
    RP25: 1/10/2011 8:00:15 PM - Software Distribution Service 3.0
    RP26: 1/11/2011 10:31:38 PM - Software Distribution Service 3.0
    RP27: 1/12/2011 4:21:55 PM - Software Distribution Service 3.0
    RP28: 1/12/2011 6:19:20 PM - Installed Windows XP Service Pack 3.
    RP29: 1/12/2011 6:22:48 PM - Installed Windows XP KB950762.
    RP30: 1/12/2011 6:24:06 PM - Installed Windows XP KB951376.
    RP31: 1/12/2011 6:25:16 PM - Installed Windows XP KB951376-v2.
    RP32: 1/12/2011 6:26:21 PM - Installed Windows XP KB951698.
    RP33: 1/12/2011 7:15:38 PM - Software Distribution Service 3.0
    RP34: 1/13/2011 12:00:55 PM - Software Distribution Service 3.0
    RP35: 1/14/2011 12:13:45 PM - System Checkpoint
    RP36: 1/14/2011 1:52:23 PM - Software Distribution Service 3.0
    RP37: 1/15/2011 2:46:45 PM - System Checkpoint
    RP38: 1/15/2011 6:40:20 PM - Software Distribution Service 3.0
    RP39: 1/16/2011 6:49:03 PM - Software Distribution Service 3.0
    RP40: 1/17/2011 6:56:17 PM - Software Distribution Service 3.0
    RP41: 1/18/2011 11:35:11 PM - Software Distribution Service 3.0
    RP42: 1/20/2011 12:36:27 PM - Software Distribution Service 3.0
    RP43: 1/22/2011 12:38:23 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    µTorrent
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Viewer 2
    Adobe Photoshop 7.0
    Adobe Reader X
    ALPS Touch Pad Driver
    Apple Software Update
    biolsp patch
    Broadcom TPM Driver Installer
    CDDRV_Installer
    COMODO Internet Security
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    Content Transfer
    Cool FLAC To MP3 Converter 1.0
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Embassy Trust Suite by Wave Systems
    Dell Support 3.2.1
    Dell Wireless WLAN Card
    Digital Line Detect
    Document Manager Lite
    EMBASSY Security Center
    EMBASSY Trust Suite by Wave Systems
    ETS Launch Pad
    ETS Upgrade
    FileZilla Client 3.3.2.1
    Google Chrome
    Google Talk (remove only)
    Google Talk Plugin
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Huffyuv AVI lossless video codec (Remove Only)
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) 6 Update 7
    KhalInstallWrapper
    LightScribe 1.4.136.1
    Logitech Desktop Messenger
    Logitech Legacy USB Camera Driver Package
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Logitech SetPoint
    Macromedia Dreamweaver MX
    Macromedia Extension Manager
    Macromedia Fireworks MX
    Macromedia Flash MX
    Macromedia FreeHand 10
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Modem Helper
    Mozilla Firefox (2.0.0.20)
    MSVC80_x86
    MSVC80_x86_v2
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    NTRU Hybrid TSS v2.0.25
    NVIDIA Drivers
    NWZ-E340 WALKMAN Guide
    OGA Notifier 2.0.0048.0
    Picasa 3
    PowerDVD 5.7
    Preboot Manager
    Private Information Manager
    QuickSet
    QuickTime
    Roxio Activation Module
    Roxio DLA
    Roxio Express Labeler
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Secure Update
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Security Wizards
    Skype™ 5.1
    SUPERAntiSpyware
    TeamViewer 5
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    upekmsi
    VLC media player 1.0.2
    Wave Infrastructure Installer
    Wave Support Software
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    XAMPP 1.7.1

    ==== Event Viewer Messages From Past Week ========

    1/22/2011 5:43:02 PM, error: System Error [1003] - Error code 100000d1, parameter1 00de0000, parameter2 00000007, parameter3 00000000, parameter4 7c9102f6.
    1/22/2011 12:54:08 AM, error: Service Control Manager [7034] - The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly. It has done this 1 time(s).
    1/22/2011 12:54:07 AM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
    1/22/2011 12:54:07 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    1/22/2011 12:54:07 AM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
    1/22/2011 12:54:07 AM, error: Service Control Manager [7034] - The LVCOMSer service terminated unexpectedly. It has done this 1 time(s).
    1/22/2011 12:54:07 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    1/22/2011 12:54:07 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    1/22/2011 12:54:07 AM, error: Service Control Manager [7034] - The DataSvr2 service terminated unexpectedly. It has done this 1 time(s).
    1/22/2011 12:54:06 AM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    1/22/2011 12:54:06 AM, error: Service Control Manager [7034] - The Apache2.2 service terminated unexpectedly. It has done this 1 time(s).
    1/22/2011 12:54:06 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    1/22/2011 1:38:02 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    1/20/2011 4:32:48 PM, error: WPDMTPDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070057.
    1/17/2011 9:23:02 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    1/16/2011 6:20:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/16/2011 6:19:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV cmdGuard cmdHlp Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    1/16/2011 6:19:15 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    1/16/2011 6:19:15 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/16/2011 6:19:15 PM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/16/2011 6:19:15 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/16/2011 6:19:15 PM, error: Service Control Manager [7001] - The Apache2.2 service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

    ==== End Of File ===========================
     
  15. 2011/01/22
    810311

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Sergei Prigara at 22:28:39.92 on Sat 01/22/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.2046.1267 [GMT -6:00]

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: COMODO Firewall *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Sergei Prigara\My Documents\downloads\9zit5uo5.exe
    C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sergei Prigara\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [Google Update] "c:\documents and settings\sergei prigara\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe "
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    AppInit_DLLs: c:\windows\system32\wxvault.dll c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\sergei~1\applic~1\mozilla\firefox\profiles\vqk11lbx.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://today.ask.com/dvdvideosoft?o=13162&l=dis

    ============= SERVICES / DRIVERS ===============

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-12-29 239368]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-12-29 27576]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsl470108f2;MpKsl470108f2;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{170f59ad-c713-4820-bfe9-5ab383b31ff1}\MpKsl470108f2.sys [2011-1-22 28752]
    R1 MpKsl9d7b49e3;MpKsl9d7b49e3;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{170f59ad-c713-4820-bfe9-5ab383b31ff1}\MpKsl9d7b49e3.sys [2011-1-22 28752]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-9 24636]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-12-29 1771288]
    S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [2004-6-15 7882]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-27 137344]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-27 8320]
    S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2010-2-27 32377]

    =============== Created Last 30 ================

    2011-01-22 06:57:18 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{170f59ad-c713-4820-bfe9-5ab383b31ff1}\MpKsl9d7b49e3.sys
    2011-01-22 06:39:08 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{170f59ad-c713-4820-bfe9-5ab383b31ff1}\MpKsl470108f2.sys
    2011-01-22 06:38:54 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{170f59ad-c713-4820-bfe9-5ab383b31ff1}\mpengine.dll
    2011-01-13 03:31:33 -------- d-----w- C:\!KillBox
    2011-01-13 02:47:26 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
    2011-01-13 02:45:45 11264 ----a-w- c:\windows\system32\dllcache\1394vdbg.sys
    2011-01-13 02:45:31 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
    2011-01-13 02:44:59 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
    2011-01-13 02:43:33 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
    2011-01-13 02:43:33 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
    2011-01-13 02:43:32 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
    2011-01-13 02:43:31 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
    2011-01-13 02:43:31 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
    2011-01-13 02:43:27 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
    2011-01-09 03:28:04 33792 ------w- c:\program files\messenger\custsat.dll
    2011-01-09 03:28:03 9728 ------w- c:\windows\system32\rwnh.dll
    2011-01-09 03:28:03 189440 ----a-w- c:\windows\system32\dllcache\smtpadm.dll
    2011-01-09 03:28:03 10752 ------w- c:\windows\system32\smtpapi.dll
    2011-01-09 03:28:03 -------- d-----w- c:\program files\Messenger
    2011-01-09 03:28:02 81920 ------w- c:\windows\system32\ieencode.dll
    2011-01-09 03:27:55 290816 ----a-w- c:\windows\system32\dllcache\adsiis51.dll
    2011-01-09 03:27:54 829440 ----a-w- c:\windows\system32\dllcache\inetmgr.dll
    2011-01-09 03:27:40 68608 ----a-w- c:\windows\system32\dllcache\iisext51.dll
    2011-01-09 03:27:33 68608 ----a-w- c:\windows\system32\dllcache\isatq.dll
    2011-01-09 03:27:33 13312 ----a-w- c:\windows\system32\dllcache\infoadmn.dll
    2011-01-09 03:27:28 64512 ----a-w- c:\windows\system32\dllcache\iismap.dll
    2011-01-09 03:27:28 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
    2011-01-09 03:27:26 46592 ----a-w- c:\windows\system32\dllcache\coadmin.dll
    2011-01-09 03:27:26 30720 ----a-w- c:\windows\system32\dllcache\iisrstas.exe
    2011-01-09 03:27:26 133632 ----a-w- c:\windows\system32\dllcache\iisrtl.dll
    2011-01-09 03:27:25 8192 ----a-w- c:\windows\system32\dllcache\staxmem.dll
    2011-01-07 22:00:27 -------- d--h--w- C:\VritualRoot
    2011-01-07 21:57:09 -------- d-----w- c:\program files\COMODO
    2011-01-07 21:53:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo
    2011-01-06 22:36:56 -------- d-----r- c:\program files\Skype
    2011-01-03 21:33:09 -------- d-----w- c:\program files\Microsoft
    2011-01-03 21:32:32 -------- d-----w- c:\program files\Unlocker
    2010-12-31 04:01:17 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2010-12-31 03:43:51 -------- d-sha-r- C:\cmdcons
    2010-12-31 03:09:07 98816 ----a-w- c:\windows\sed.exe
    2010-12-31 03:09:07 89088 ----a-w- c:\windows\MBR.exe
    2010-12-31 03:09:07 256512 ----a-w- c:\windows\PEV.exe
    2010-12-31 03:09:07 161792 ----a-w- c:\windows\SWREG.exe
    2010-12-30 03:40:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-30 03:40:09 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2010-12-30 03:02:23 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-30 01:56:52 -------- d-----w- c:\program files\Microsoft Security Client
    2010-12-29 07:42:04 285480 ----a-w- c:\windows\system32\guard32.dll
    2010-12-29 07:41:28 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2010-12-29 07:41:26 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2010-12-29 07:41:26 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2010-12-28 01:03:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2010-12-26 06:02:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-26 06:02:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-26 06:02:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-26 00:30:00 -------- d-----w- c:\docume~1\sergei~1\applic~1\SUPERAntiSpyware.com
    2010-12-26 00:30:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-12-26 00:29:41 -------- d-----w- c:\program files\SUPERAntiSpyware

    ==================== Find3M ====================

    2010-12-23 06:24:59 0 ----a-w- c:\windows\Sfapahi.bin
    2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-12 22:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2009-06-06 17:48:14 3371384 ----a-w- c:\program files\mbam-setup.exe
    2008-06-29 04:31:30 56826856 ----a-w- c:\program files\setpoint460.exe

    ============= FINISH: 22:29:41.45 ===============
     
  16. 2011/01/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    We need to double check your MBR.

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  17. 2011/01/23
    810311

    hi broni,

    please, find the log below.

    thank you


    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    93 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  18. 2011/01/23
    broni

    Looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  19. 2011/01/23
    810311

    810311 Inactive Thread Starter

    ComboFix 11-01-23.03 - Sergei Prigara 01/23/2011 19:08:04.2.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.2046.1691 [GMT -6:00]
    Running from: C:\Documents and Settings\Sergei Prigara\My Documents\downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-24 to 2011-01-24 )))))))))))))))))))))))))))))))
    .

    2011-01-23 17:07:28 . 2011-01-13 09:41:52 5890896 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2570893-BC31-42DB-8988-F8DE655BE2D8}\mpengine.dll
    2011-01-13 03:31:33 . 2011-01-13 03:31:33 -------- d-----w- C:\!KillBox
    2011-01-13 02:47:26 . 2008-04-14 06:10:52 12288 ----a-w- C:\WINDOWS\system32\dllcache\4mmdat.sys
    2011-01-13 02:45:45 . 2004-08-04 10:00:00 11264 ----a-w- C:\WINDOWS\system32\dllcache\1394vdbg.sys
    2011-01-13 02:45:31 . 2004-08-04 10:00:00 7168 ----a-w- C:\WINDOWS\system32\dllcache\wamregps.dll
    2011-01-13 02:44:59 . 2001-08-17 20:56:04 66048 ----a-w- C:\WINDOWS\system32\dllcache\s3legacy.dll
    2011-01-13 02:43:33 . 2004-08-04 10:00:00 7680 ----a-w- C:\WINDOWS\system32\dllcache\inetmgr.exe
    2011-01-13 02:43:33 . 2004-08-04 10:00:00 19968 ----a-w- C:\WINDOWS\system32\dllcache\inetsloc.dll
    2011-01-13 02:43:32 . 2004-08-04 10:00:00 169984 ----a-w- C:\WINDOWS\system32\dllcache\iisui.dll
    2011-01-13 02:43:31 . 2004-08-04 10:00:00 5632 ----a-w- C:\WINDOWS\system32\dllcache\iisrstap.dll
    2011-01-13 02:43:31 . 2004-08-04 10:00:00 14336 ----a-w- C:\WINDOWS\system32\dllcache\iisreset.exe
    2011-01-13 02:43:27 . 2004-08-04 10:00:00 6144 ----a-w- C:\WINDOWS\system32\dllcache\ftpsapi2.dll
    2011-01-09 03:28:03 . 2008-04-14 11:42:08 189440 ----a-w- C:\WINDOWS\system32\dllcache\smtpadm.dll
    2011-01-09 03:28:03 . 2008-04-14 11:42:08 10752 ------w- C:\WINDOWS\system32\smtpapi.dll
    2011-01-09 03:28:03 . 2008-04-14 11:42:06 9728 ------w- C:\WINDOWS\system32\rwnh.dll
    2011-01-09 03:28:02 . 2008-04-14 11:41:56 81920 ------w- C:\WINDOWS\system32\ieencode.dll
    2011-01-09 03:27:55 . 2008-04-14 11:41:50 290816 ----a-w- C:\WINDOWS\system32\dllcache\adsiis51.dll
    2011-01-09 03:27:54 . 2008-04-14 11:41:56 829440 ----a-w- C:\WINDOWS\system32\dllcache\inetmgr.dll
    2011-01-09 03:27:40 . 2008-04-14 11:41:56 68608 ----a-w- C:\WINDOWS\system32\dllcache\iisext51.dll
    2011-01-09 03:27:33 . 2008-04-14 11:41:56 68608 ----a-w- C:\WINDOWS\system32\dllcache\isatq.dll
    2011-01-09 03:27:33 . 2008-04-14 11:41:56 13312 ----a-w- C:\WINDOWS\system32\dllcache\infoadmn.dll
    2011-01-09 03:27:28 . 2008-04-14 11:41:56 64512 ----a-w- C:\WINDOWS\system32\dllcache\iismap.dll
    2011-01-09 03:27:28 . 2008-04-14 11:41:50 43520 ----a-w- C:\WINDOWS\system32\dllcache\admwprox.dll
    2011-01-09 03:27:26 . 2008-04-14 11:42:24 30720 ----a-w- C:\WINDOWS\system32\dllcache\iisrstas.exe
    2011-01-09 03:27:26 . 2008-04-14 11:41:56 133632 ----a-w- C:\WINDOWS\system32\dllcache\iisrtl.dll
    2011-01-09 03:27:26 . 2008-04-14 11:41:52 46592 ----a-w- C:\WINDOWS\system32\dllcache\coadmin.dll
    2011-01-09 03:27:25 . 2008-04-14 11:42:08 8192 ----a-w- C:\WINDOWS\system32\dllcache\staxmem.dll
    2011-01-07 22:02:52 . 2011-01-07 22:02:52 -------- d-----w- C:\Program Files\Common Files\Skype
    2011-01-07 22:00:27 . 2011-01-07 22:00:27 -------- d-----w- C:\VritualRoot
    2011-01-07 21:57:09 . 2011-01-07 21:57:09 -------- d-----w- C:\Program Files\COMODO
    2011-01-07 21:53:21 . 2011-01-07 22:08:23 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Comodo
    2011-01-07 21:16:01 . 2011-01-07 21:16:01 -------- d-sh--w- C:\Documents and Settings\NetworkService\IETldCache
    2011-01-06 22:36:56 . 2011-01-07 22:02:52 -------- d-----r- C:\Program Files\Skype
    2011-01-03 21:33:09 . 2011-01-04 04:11:20 -------- d-----w- C:\Program Files\Microsoft
    2011-01-03 21:32:32 . 2011-01-04 03:51:36 -------- d-----w- C:\Program Files\Unlocker
    2010-12-31 04:01:17 . 2011-01-13 09:41:52 5890896 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-12-30 03:40:09 . 2010-11-13 00:53:06 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
    2010-12-30 03:40:09 . 2010-11-13 00:53:06 472808 ----a-w- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-12-30 03:02:23 . 2010-10-19 16:41:44 222080 ------w- C:\WINDOWS\system32\MpSigStub.exe
    2010-12-30 01:56:52 . 2010-12-30 02:57:18 -------- d-----w- C:\Program Files\Microsoft Security Client
    2010-12-29 07:42:04 . 2010-12-29 07:42:04 285480 ----a-w- C:\WINDOWS\system32\guard32.dll
    2010-12-29 07:41:28 . 2011-01-13 22:01:42 94784 ----a-w- C:\WINDOWS\system32\drivers\inspect.sys
    2010-12-29 07:41:28 . 2011-01-13 22:01:42 27576 ----a-w- C:\WINDOWS\system32\drivers\cmdhlp.sys
    2010-12-29 07:41:26 . 2011-01-13 22:01:42 15592 ----a-w- C:\WINDOWS\system32\drivers\cmderd.sys
    2010-12-29 07:41:26 . 2011-01-13 22:01:41 239368 ----a-w- C:\WINDOWS\system32\drivers\cmdGuard.sys
    2010-12-28 01:03:32 . 2010-12-28 01:03:32 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MFAData
    2010-12-26 06:02:46 . 2010-12-21 00:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2010-12-26 06:02:43 . 2010-12-26 06:02:47 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2010-12-26 06:02:43 . 2010-12-21 00:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2010-12-26 00:30:00 . 2010-12-26 00:30:00 -------- d-----w- C:\Documents and Settings\Sergei Prigara\Application Data\SUPERAntiSpyware.com
    2010-12-26 00:30:00 . 2010-12-26 00:30:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-12-26 00:29:41 . 2011-01-18 03:23:00 -------- d-----w- C:\Program Files\SUPERAntiSpyware

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-02 03:35:18 . 2010-12-02 03:35:18 4280320 ----a-w- C:\WINDOWS\system32\GPhotos.scr
    2010-11-18 18:12:44 . 2004-08-11 23:12:50 81920 ----a-w- C:\WINDOWS\system32\isign32.dll
    2010-11-12 22:34:10 . 2008-07-25 02:34:00 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
    2010-11-09 14:52:35 . 2004-08-11 23:00:25 249856 ----a-w- C:\WINDOWS\system32\odbc32.dll
    2010-11-06 00:26:58 . 2004-08-11 23:00:37 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
    2010-11-06 00:26:58 . 2004-08-11 23:00:18 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
    2010-11-06 00:26:58 . 2004-08-11 23:00:17 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
    2010-11-03 12:25:54 . 2004-08-11 23:00:16 385024 ----a-w- C:\WINDOWS\system32\html.iec
    2010-11-02 15:17:02 . 2004-08-11 23:00:23 40960 ----a-w- C:\WINDOWS\system32\drivers\ndproxy.sys
    2010-10-28 13:13:22 . 2004-08-11 23:00:01 290048 ----a-w- C:\WINDOWS\system32\atmfd.dll
    2010-10-26 13:25:00 . 2004-08-11 23:00:37 1853312 ----a-w- C:\WINDOWS\system32\win32k.sys
    2009-06-06 17:48:14 . 2009-06-06 17:48:14 3371384 ----a-w- C:\Program Files\mbam-setup.exe
    2008-06-29 04:31:30 . 2008-06-29 04:31:27 56826856 ----a-w- C:\Program Files\setpoint460.exe
    2008-12-17 21:59:30 . 2009-11-02 05:13:37 67688 ----a-w- C:\Program Files\mozilla firefox\components\jar50.dll
    2008-12-17 21:59:31 . 2009-11-02 05:13:37 54368 ----a-w- C:\Program Files\mozilla firefox\components\jsd3250.dll
    2008-12-17 21:59:32 . 2009-11-02 05:13:37 34944 ----a-w- C:\Program Files\mozilla firefox\components\myspell.dll
    2008-12-17 21:59:33 . 2009-11-02 05:13:37 46712 ----a-w- C:\Program Files\mozilla firefox\components\spellchk.dll
    2008-12-17 21:59:35 . 2009-11-02 05:13:37 172136 ----a-w- C:\Program Files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update "= "C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-03 04:40:25 135664]
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [2011-01-03 21:44:14 15028104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix "= "C:\ComboFix\CF11956.cfxxe" [X]
    "NVHotkey "= "nvHotkey.dll" [2006-01-19 14:14:00 73728]
    "SigmatelSysTrayApp "= "stsystra.exe" [2006-03-24 22:30:44 282624]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-06-29 17:13:32 1032192]
    "SunJavaUpdateSched "= "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 17:44:46 248552]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 14:14:00 7401472]
    "DLA "= "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 10:20:00 122940]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2009-11-02 03:03:30 417792]
    "nwiz "= "nwiz.exe" [2006-01-19 14:14:00 1519616]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2008-02-29 08:12:38 76304]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 22:50:18 81920]
    "Document Manager "= "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 13:32:54 102400]
    "Apoint "= "C:\Program Files\Apoint\Apoint.exe" [2005-10-07 18:13:38 176128]
    "ISUSPM Startup "= "c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 22:50:42 221184]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]
    "ContentTransferWMDetector.exe "= "C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 21:05:58 497000]
    "Malwarebytes Anti-Malware (reboot) "= "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 00:08:46 963976]
    "MSC "= "c:\Program Files\Microsoft Security Client\msseces.exe" [2010-11-30 19:20:36 997408]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 18:49:36 35736]
    "Adobe ARM "= "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 18:49:34 932288]
    "COMODO Internet Security "= "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-13 22:01:35 2548040]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 00:12:16 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Taskman "=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 07:42:30 72208 ----a-w- c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "=
    "C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe "=
    "C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "C:\\Program Files\\uTorrent\\uTorrent.exe "=
    "C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe "=
    "C:\\xampp\\mysql\\bin\\mysqld.exe "=
    "C:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe "=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe "=
    "C:\\Program Files\\Macromedia\\Flash MX\\Flash.exe "=
    "C:\\Documents and Settings\\Sergei Prigara\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=

    S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\WINDOWS\system32\drivers\cmdGuard.sys [12/29/2010 1:41:26 AM 239368]
    S1 cmdHlp;COMODO Internet Security Helper Driver;C:\WINDOWS\system32\drivers\cmdhlp.sys [12/29/2010 1:41:28 AM 27576]
    S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25:48 PM 12872]
    S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41:30 PM 67656]
    S2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [12/9/2008 5:10:14 PM 24636]
    S3 GTKCMOS;GTKCMOS;C:\WINDOWS\system32\GTKCMOS.sys [6/15/2004 1:55:56 PM 7882]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2/27/2010 8:56:12 PM 137344]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2/27/2010 8:56:12 PM 8320]
    S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\drivers\prodigy.sys [2/27/2010 7:21:34 PM 32377]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34:12 . 2008-07-30 18:34:12]

    2011-01-23 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2035379329-1741775744-3220261347-1005Core.job
    - C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-03 04:40:26 . 2009-11-03 04:40:25]

    2011-01-23 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2035379329-1741775744-3220261347-1005UA.job
    - C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-03 04:40:26 . 2009-11-03 04:40:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://today.ask.com/dvdvideosoft?o=13162&l=dis
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-UnlockerAssistant - C:\Program Files\Unlocker\UnlockerAssistant.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-23 19:20:17
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose, ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2035379329-1741775744-3220261347-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC2F378D-3371-11F1-C66B-6FA2D3FFA350}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iafplbalkmabgficgi "=hex:69,61,6c,66,70,6d,6d,64,65,70,63,61,6b,66,63,61,70,68,
    00,00
    "hahonaclildhmomj "=hex:69,61,6c,66,70,6d,6d,64,65,70,63,61,6b,66,63,61,70,68,
    00,00
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(972)
    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    C:\WINDOWS\system32\WININET.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'lsass.exe'(1028)
    C:\WINDOWS\system32\guard32.dll

    - - - - - - - > 'explorer.exe'(792)
    C:\WINDOWS\system32\WININET.dll
    C:\WINDOWS\system32\guard32.dll
    C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
    C:\WINDOWS\system32\ieframe.dll
    C:\WINDOWS\system32\webcheck.dll
    C:\WINDOWS\system32\WPDShServiceObj.dll
    C:\WINDOWS\system32\PortableDeviceTypes.dll
    C:\WINDOWS\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-23 19:25:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-24 01:25:20

    Pre-Run: 74,640,584,704 bytes free
    Post-Run: 72,479,813,632 bytes free

    - - End Of File - - 50B912D8D4CE8CBF93F0A9F9606535E1
     
  20. 2011/01/23
    broni

    broni Moderator Malware Analyst

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    RegNull::
    [HKEY_USERS\S-1-5-21-2035379329-1741775744-3220261347-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC2F378D-3371-11F1-C66B-6FA2D3FFA350}*]
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [Image: animation of CFScript.txt being dragged onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
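
A way to confirm from the before and after ComboFix.txt logs that each target of the CFScript above is gone, checked per registry key rather than by text search (added example, not part of the post or of ComboFix). The AFTER excerpt is constructed to show both outcomes, and reading a `RegNull::` key as "should no longer be listed" is an assumption.

```python
import re

DIRECTIVE_RE = re.compile(r'^([A-Za-z]+)::$')            # e.g. RegNull::
KEY_RE = re.compile(r'^\[([^\]]*\\[^\]]*)\]$')           # [HIVE\path\...]
VALUE_RE = re.compile(r'^(?:"([^"]*)"|(@))\s*=\s*(.*)$')  # "name"=data or @=data

def events(text):
    """Yield ('blank',), ('directive', d), ('key', k) or ('value', n, data)."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            yield ("blank",)
        elif m := DIRECTIVE_RE.match(line):
            yield ("directive", m.group(1).lower())
        elif m := KEY_RE.match(line):
            yield ("key", m.group(1).strip().lower())
        elif m := VALUE_RE.match(line):
            # Names are stripped: the logs on this page carry a stray space
            # before the closing quote ("DisableMonitoring ").
            name = "@" if m.group(2) else m.group(1).strip().lower()
            yield ("value", name, m.group(3).strip())

def parse_reg_sections(log_text):
    """Map each listed registry key to its {value name: data} entries."""
    sections, current = {}, None
    for ev in events(log_text):
        if ev[0] == "key":
            current = sections.setdefault(ev[1], {})
        elif ev[0] == "value" and current is not None:
            current[ev[1]] = ev[2]
        elif ev[0] == "blank":
            current = None
    return sections

def parse_cfscript_targets(script_text):
    """Return ('key', key, None) for RegNull:: keys and ('value', key, name)
    for "name"=- deletions under Registry::."""
    targets, directive, key = [], None, None
    for ev in events(script_text):
        if ev[0] == "directive":
            directive, key = ev[1], None
        elif ev[0] == "key":
            key = ev[1]
            if directive == "regnull":
                targets.append(("key", key, None))
        elif ev[0] == "value" and directive == "registry" and key and ev[2] == "-":
            targets.append(("value", key, ev[1]))
    return targets

def check_targets(script_text, before_text, after_text):
    """Classify each script target as removed, still present, or never listed."""
    before, after = parse_reg_sections(before_text), parse_reg_sections(after_text)
    results = []
    for kind, key, name in parse_cfscript_targets(script_text):
        if kind == "key":
            was, now = key in before, key in after
        else:
            was, now = name in before.get(key, {}), name in after.get(key, {})
        status = "not in before-log" if not was else "still present" if now else "removed"
        results.append((kind, key, name, status))
    return results

LOCKED = (r"[HKEY_USERS\S-1-5-21-2035379329-1741775744-3220261347-1005\Software\Microsoft"
          r"\Windows\CurrentVersion\Shell Extensions\Approved\{DC2F378D-3371-11F1-C66B-6FA2D3FFA350}*]")

CFSCRIPT = "RegNull::\n" + LOCKED + r'''

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
'''

# Excerpt of the first log in this thread, trimmed.
BEFORE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

--------------------- LOCKED REGISTRY KEYS ---------------------

''' + LOCKED + "\n@Allowed: (Read) (RestrictedCode)\n"

# Constructed for this example (not the follow-up log): the root value is gone,
# the Symantec subkey value remains, and the locked key is still listed.
AFTER = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

--------------------- LOCKED REGISTRY KEYS ---------------------

''' + LOCKED + "\n@Allowed: (Read) (RestrictedCode)\n"

if __name__ == "__main__":
    for kind, key, name, status in check_targets(CFSCRIPT, BEFORE, AFTER):
        print(f"{status:18} {kind:5} {key} {name or ''}")
```

A plain text search for `DisableMonitoring` in the after-log would still match the Symantec subkeys, which the script never targeted; matching on the exact key avoids that false alarm.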
     
  21. 2011/01/24
    810311

    810311 Inactive Thread Starter

    hi broni,

    please, see report below:


    ComboFix 11-01-23.03 - Sergei Prigara 01/24/2011 20:06:45.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.2046.1294 [GMT -6:00]
    Running from: C:\Documents and Settings\Sergei Prigara\My Documents\downloads\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Sergei Prigara\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 )))))))))))))))))))))))))))))))
    .

    2011-01-24 22:19:21 . 2011-01-13 09:41:52 5890896 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CD0E5AE-9EDE-4092-8B2A-4282EFAA1210}\mpengine.dll
    2011-01-13 03:31:33 . 2011-01-13 03:31:33 -------- d-----w- C:\!KillBox
    2011-01-13 02:47:26 . 2008-04-14 06:10:52 12288 ----a-w- C:\WINDOWS\system32\dllcache\4mmdat.sys
    2011-01-13 02:45:45 . 2004-08-04 10:00:00 11264 ----a-w- C:\WINDOWS\system32\dllcache\1394vdbg.sys
    2011-01-13 02:45:31 . 2004-08-04 10:00:00 7168 ----a-w- C:\WINDOWS\system32\dllcache\wamregps.dll
    2011-01-13 02:44:59 . 2001-08-17 20:56:04 66048 ----a-w- C:\WINDOWS\system32\dllcache\s3legacy.dll
    2011-01-13 02:43:33 . 2004-08-04 10:00:00 7680 ----a-w- C:\WINDOWS\system32\dllcache\inetmgr.exe
    2011-01-13 02:43:33 . 2004-08-04 10:00:00 19968 ----a-w- C:\WINDOWS\system32\dllcache\inetsloc.dll
    2011-01-13 02:43:32 . 2004-08-04 10:00:00 169984 ----a-w- C:\WINDOWS\system32\dllcache\iisui.dll
    2011-01-13 02:43:31 . 2004-08-04 10:00:00 5632 ----a-w- C:\WINDOWS\system32\dllcache\iisrstap.dll
    2011-01-13 02:43:31 . 2004-08-04 10:00:00 14336 ----a-w- C:\WINDOWS\system32\dllcache\iisreset.exe
    2011-01-13 02:43:27 . 2004-08-04 10:00:00 6144 ----a-w- C:\WINDOWS\system32\dllcache\ftpsapi2.dll
    2011-01-09 03:28:03 . 2008-04-14 11:42:08 189440 ----a-w- C:\WINDOWS\system32\dllcache\smtpadm.dll
    2011-01-09 03:28:03 . 2008-04-14 11:42:08 10752 ------w- C:\WINDOWS\system32\smtpapi.dll
    2011-01-09 03:28:03 . 2008-04-14 11:42:06 9728 ------w- C:\WINDOWS\system32\rwnh.dll
    2011-01-09 03:28:02 . 2008-04-14 11:41:56 81920 ------w- C:\WINDOWS\system32\ieencode.dll
    2011-01-09 03:27:55 . 2008-04-14 11:41:50 290816 ----a-w- C:\WINDOWS\system32\dllcache\adsiis51.dll
    2011-01-09 03:27:54 . 2008-04-14 11:41:56 829440 ----a-w- C:\WINDOWS\system32\dllcache\inetmgr.dll
    2011-01-09 03:27:40 . 2008-04-14 11:41:56 68608 ----a-w- C:\WINDOWS\system32\dllcache\iisext51.dll
    2011-01-09 03:27:33 . 2008-04-14 11:41:56 68608 ----a-w- C:\WINDOWS\system32\dllcache\isatq.dll
    2011-01-09 03:27:33 . 2008-04-14 11:41:56 13312 ----a-w- C:\WINDOWS\system32\dllcache\infoadmn.dll
    2011-01-09 03:27:28 . 2008-04-14 11:41:56 64512 ----a-w- C:\WINDOWS\system32\dllcache\iismap.dll
    2011-01-09 03:27:28 . 2008-04-14 11:41:50 43520 ----a-w- C:\WINDOWS\system32\dllcache\admwprox.dll
    2011-01-09 03:27:26 . 2008-04-14 11:42:24 30720 ----a-w- C:\WINDOWS\system32\dllcache\iisrstas.exe
    2011-01-09 03:27:26 . 2008-04-14 11:41:56 133632 ----a-w- C:\WINDOWS\system32\dllcache\iisrtl.dll
    2011-01-09 03:27:26 . 2008-04-14 11:41:52 46592 ----a-w- C:\WINDOWS\system32\dllcache\coadmin.dll
    2011-01-09 03:27:25 . 2008-04-14 11:42:08 8192 ----a-w- C:\WINDOWS\system32\dllcache\staxmem.dll
    2011-01-07 22:02:52 . 2011-01-07 22:02:52 -------- d-----w- C:\Program Files\Common Files\Skype
    2011-01-07 22:00:27 . 2011-01-07 22:00:27 -------- d-----w- C:\VritualRoot
    2011-01-07 21:57:09 . 2011-01-07 21:57:09 -------- d-----w- C:\Program Files\COMODO
    2011-01-07 21:53:21 . 2011-01-07 22:08:23 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Comodo
    2011-01-07 21:16:01 . 2011-01-07 21:16:01 -------- d-sh--w- C:\Documents and Settings\NetworkService\IETldCache
    2011-01-06 22:36:56 . 2011-01-07 22:02:52 -------- d-----r- C:\Program Files\Skype
    2011-01-03 21:33:09 . 2011-01-04 04:11:20 -------- d-----w- C:\Program Files\Microsoft
    2011-01-03 21:32:32 . 2011-01-04 03:51:36 -------- d-----w- C:\Program Files\Unlocker
    2010-12-31 04:01:17 . 2011-01-13 09:41:52 5890896 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-12-30 03:40:09 . 2010-11-13 00:53:06 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
    2010-12-30 03:40:09 . 2010-11-13 00:53:06 472808 ----a-w- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-12-30 03:02:23 . 2010-10-19 16:41:44 222080 ------w- C:\WINDOWS\system32\MpSigStub.exe
    2010-12-30 01:56:52 . 2010-12-30 02:57:18 -------- d-----w- C:\Program Files\Microsoft Security Client
    2010-12-29 07:42:04 . 2010-12-29 07:42:04 285480 ----a-w- C:\WINDOWS\system32\guard32.dll
    2010-12-29 07:41:28 . 2011-01-13 22:01:42 94784 ----a-w- C:\WINDOWS\system32\drivers\inspect.sys
    2010-12-29 07:41:28 . 2011-01-13 22:01:42 27576 ----a-w- C:\WINDOWS\system32\drivers\cmdhlp.sys
    2010-12-29 07:41:26 . 2011-01-13 22:01:42 15592 ----a-w- C:\WINDOWS\system32\drivers\cmderd.sys
    2010-12-29 07:41:26 . 2011-01-13 22:01:41 239368 ----a-w- C:\WINDOWS\system32\drivers\cmdGuard.sys
    2010-12-28 01:03:32 . 2010-12-28 01:03:32 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MFAData
    2010-12-26 06:02:46 . 2010-12-21 00:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2010-12-26 06:02:43 . 2010-12-26 06:02:47 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2010-12-26 06:02:43 . 2010-12-21 00:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-02 03:35:18 . 2010-12-02 03:35:18 4280320 ----a-w- C:\WINDOWS\system32\GPhotos.scr
    2010-11-18 18:12:44 . 2004-08-11 23:12:50 81920 ----a-w- C:\WINDOWS\system32\isign32.dll
    2010-11-12 22:34:10 . 2008-07-25 02:34:00 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
    2010-11-09 14:52:35 . 2004-08-11 23:00:25 249856 ----a-w- C:\WINDOWS\system32\odbc32.dll
    2010-11-06 00:26:58 . 2004-08-11 23:00:37 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
    2010-11-06 00:26:58 . 2004-08-11 23:00:18 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
    2010-11-06 00:26:58 . 2004-08-11 23:00:17 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
    2010-11-03 12:25:54 . 2004-08-11 23:00:16 385024 ----a-w- C:\WINDOWS\system32\html.iec
    2010-11-02 15:17:02 . 2004-08-11 23:00:23 40960 ----a-w- C:\WINDOWS\system32\drivers\ndproxy.sys
    2010-10-28 13:13:22 . 2004-08-11 23:00:01 290048 ----a-w- C:\WINDOWS\system32\atmfd.dll
    2009-06-06 17:48:14 . 2009-06-06 17:48:14 3371384 ----a-w- C:\Program Files\mbam-setup.exe
    2008-06-29 04:31:30 . 2008-06-29 04:31:27 56826856 ----a-w- C:\Program Files\setpoint460.exe
    2008-12-17 21:59:30 . 2009-11-02 05:13:37 67688 ----a-w- C:\Program Files\mozilla firefox\components\jar50.dll
    2008-12-17 21:59:31 . 2009-11-02 05:13:37 54368 ----a-w- C:\Program Files\mozilla firefox\components\jsd3250.dll
    2008-12-17 21:59:32 . 2009-11-02 05:13:37 34944 ----a-w- C:\Program Files\mozilla firefox\components\myspell.dll
    2008-12-17 21:59:33 . 2009-11-02 05:13:37 46712 ----a-w- C:\Program Files\mozilla firefox\components\spellchk.dll
    2008-12-17 21:59:35 . 2009-11-02 05:13:37 172136 ----a-w- C:\Program Files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update "= "C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-03 04:40:25 135664]
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [2011-01-03 21:44:14 15028104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVHotkey "= "nvHotkey.dll" [2006-01-19 14:14:00 73728]
    "SigmatelSysTrayApp "= "stsystra.exe" [2006-03-24 22:30:44 282624]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-06-29 17:13:32 1032192]
    "SunJavaUpdateSched "= "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 17:44:46 248552]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 14:14:00 7401472]
    "DLA "= "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 10:20:00 122940]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2009-11-02 03:03:30 417792]
    "nwiz "= "nwiz.exe" [2006-01-19 14:14:00 1519616]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2008-02-29 08:12:38 76304]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 22:50:18 81920]
    "Document Manager "= "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 13:32:54 102400]
    "Apoint "= "C:\Program Files\Apoint\Apoint.exe" [2005-10-07 18:13:38 176128]
    "ISUSPM Startup "= "c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 22:50:42 221184]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]
    "ContentTransferWMDetector.exe "= "C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 21:05:58 497000]
    "Malwarebytes Anti-Malware (reboot) "= "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 00:08:46 963976]
    "MSC "= "c:\Program Files\Microsoft Security Client\msseces.exe" [2010-11-30 19:20:36 997408]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 18:49:36 35736]
    "Adobe ARM "= "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 18:49:34 932288]
    "COMODO Internet Security "= "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-13 22:01:35 2548040]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 00:12:16 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 07:42:30 72208 ----a-w- c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "=
    "C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe "=
    "C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "C:\\Program Files\\uTorrent\\uTorrent.exe "=
    "C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe "=
    "C:\\xampp\\mysql\\bin\\mysqld.exe "=
    "C:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe "=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe "=
    "C:\\Program Files\\Macromedia\\Flash MX\\Flash.exe "=
    "C:\\Documents and Settings\\Sergei Prigara\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\WINDOWS\system32\drivers\cmdGuard.sys [12/29/2010 1:41:26 AM 239368]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\WINDOWS\system32\drivers\cmdhlp.sys [12/29/2010 1:41:28 AM 27576]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25:48 PM 12872]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41:30 PM 67656]
    R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [12/9/2008 5:10:14 PM 24636]
    S3 GTKCMOS;GTKCMOS;C:\WINDOWS\system32\GTKCMOS.sys [6/15/2004 1:55:56 PM 7882]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2/27/2010 8:56:12 PM 137344]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2/27/2010 8:56:12 PM 8320]
    S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\drivers\prodigy.sys [2/27/2010 7:21:34 PM 32377]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34:12 . 2008-07-30 18:34:12]

    2011-01-25 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2035379329-1741775744-3220261347-1005Core.job
    - C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-03 04:40:26 . 2009-11-03 04:40:25]

    2011-01-25 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2035379329-1741775744-3220261347-1005UA.job
    - C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-03 04:40:26 . 2009-11-03 04:40:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://today.ask.com/dvdvideosoft?o=13162&l=dis
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-24 20:18:31
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose, ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(972)
    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    C:\WINDOWS\system32\WININET.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'lsass.exe'(1028)
    C:\WINDOWS\system32\guard32.dll

    - - - - - - - > 'explorer.exe'(7880)
    C:\WINDOWS\system32\WININET.dll
    C:\WINDOWS\system32\guard32.dll
    C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
    C:\WINDOWS\system32\ieframe.dll
    C:\WINDOWS\system32\webcheck.dll
    C:\WINDOWS\system32\WPDShServiceObj.dll
    C:\WINDOWS\system32\PortableDeviceTypes.dll
    C:\WINDOWS\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-24 20:22:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-25 02:22:16
    ComboFix2.txt 2011-01-24 01:25:24

    Pre-Run: 72,265,584,640 bytes free
    Post-Run: 72,291,643,392 bytes free

    - - End Of File - - 3BC4DCE0D3D7A2C2BDA07AEF6AC7B589
     
