malware attack? comodo corrupted? unable to install spybot.



soseberg
2009-04-01, 21:51
noticed some issues with my comodo firewall sw this weekend so i tried to update. when attempting to update, i was asked to uninstall the existing version, but got an error saying a file is missing. i got the same error when attempting to use add/remove programs to remove comodo. then i was going to use spybot to see if any malware might be detected. i was unable to update using the auto-updater. since i didn't remember (& didn't double check) for the manual download, i decided to uninstall my current version and then re-install the most current version which is now downloaded to my desktop (spybotsd162.exe). when i attempt to run the exe i get an error when i get to the download step of the installer...'server name or address could not be resolved'. i have posted this in the spybot section, but i am thinking one of my boys may have screwed up something over the weekend while i was gone...

i have saved a copy of the registry using ERUNT, and run HJT. here is a copy of the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:03, on 2009-04-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\soseberg\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222260121828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222260100609
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\Software\..\Telephony: DomainName = MIROGE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIROGE
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Clock Daemon (ClockDaemon) - Unknown owner - C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10903 bytes
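
As an added example (not part of the original thread), here is a short Python triage of a HijackThis log like the one above. It splits each entry into its section code and body, then lists the entries HijackThis itself marked "(file missing)" or "Unknown owner", plus the O20 AppInit_DLLs entry. The sample lines are copied from the log above; the function names are illustrative.

```python
import re

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
"""

# "O23 - ..." style entries; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O23 body: "Service: <display name> - <owner> - <drive:\path>"
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)
MISSING = " (file missing)"


def parse_hjt(text):
    """Return one dict per HijackThis entry line found in `text`."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # banner, running-process list, blank line
        body = m.group("body")
        missing = body.endswith(MISSING)
        clean = body[: -len(MISSING)] if missing else body
        entry = {"code": m.group("code"), "body": body, "file_missing": missing}
        if entry["code"] == "O23":
            s = SERVICE_RE.match(clean)
            if s:
                entry.update(s.groupdict())
        entries.append(entry)
    return entries


def review_items(entries):
    """Entries worth a second look, with the reason each was picked.

    This is a reading aid, not a verdict: orphaned references are often
    leftovers from an incomplete uninstall.
    """
    picked = []
    for e in entries:
        reasons = []
        if e["file_missing"]:
            reasons.append("target file missing")
        if e.get("owner") == "Unknown owner":
            reasons.append("no publisher recorded")
        if e["code"] == "O20":
            reasons.append("AppInit_DLLs: loaded into every process that loads user32.dll")
        if reasons:
            picked.append((e["code"], e.get("name") or e["body"], reasons))
    return picked


if __name__ == "__main__":
    for code, label, reasons in review_items(parse_hjt(SAMPLE_LOG)):
        print(f"{code:<4} {label}\n     -> {'; '.join(reasons)}")
```
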

Shaba
2009-04-04, 13:43
Hi soseberg

Is this a personal computer?

soseberg
2009-04-05, 02:20
my cousin is visiting calif from norway so i will only have intermittent email access while we are off pretending to be cowboys =) i think you may have helped me last i had an issue around aug last year.

Shaba
2009-04-05, 10:54
So then we will continue with this:


Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site (http://hype.free.googlepages.com/gmer.zip)

Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).)
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html)
Important! Please do not select the "Show all" checkbox during the scan.

soseberg
2009-04-05, 17:47
when i am back from sightseeing =)

Shaba
2009-04-05, 17:57
OK, take your time :)

soseberg
2009-04-08, 02:44
i am back w/my computer now and FINALLY have it to the point where it is semi-usable - it's running but performance is HORRIBLE! i returned to what looked like a failing wireless card last nite & my computer would keep locking up to where i had to perform a hard power re-cycle to restart the machine...still having a wireless issue, luckily i found an ethernet cable. anyway, will get started with your suggestions you posted a few days back, but i am wondering if you noted any suspicious activity via my earlier hjt log posted...

Shaba
2009-04-08, 06:09
HijackThis log is fine.

Please post next gmer log as requested :)

soseberg
2009-04-08, 22:43
started running gmer just after posting my earlier reply. it ran over 4 hours b4 i decided to go to bed. this morning the computer had a blue screen so i cycled power to shut down and restart. then i reconnected the ethernet.

the windows errors from the crash are as follows:

error signature:
BCCode : 10000050 BCP1 : FB59F004 BCP2 : 00000000 BCP3 : EDD964F0
BCP4 : 00000000 OSVer : 5_1_2600 SP : 2_0 Product : 256_1

error report content files:
C:\DOCUME~1\soseberg\LOCALS~1\Temp\WER2762.dir00\Mini040809-01.dmp
C:\DOCUME~1\soseberg\LOCALS~1\Temp\WER2762.dir00\sysdata.xml

let me know if the error files are of interest & i will send them.

upon power on, the screen is now white - in active desktop recovery mode, with a lite blue triangle containing an "!". i don't think this is the same as "safe mode" - what do i do to tell the computer i want to run in safemode?

soseberg
2009-04-08, 23:51
just remembered to press F8 while booting to get safe mode option. hopefully running gmer is faster while running in safe mode. stand by for results =)
disconnecting ethernet =)

soseberg
2009-04-09, 06:25
when i am running in safemode, my password is not recognized. very weird. anything to do to resolve this? should i try gmer again running regular mode?

soseberg
2009-04-09, 06:27
when i am running in safemode, my password is not recognized. very weird. anything to do to resolve this? should i try gmer again running regular mode? i am worried my machine will just blue screen again. what do you think?

Shaba
2009-04-09, 11:10
That indicates hardware issues.

I can redirect you to some windows for that if you like to?

soseberg
2009-04-10, 04:07
since safemode does not recognize my usual login, that indicates a HW issue? i wouldn't have guessed that. or is it the windows error codes that indicate a possible hw issue?

any trouble shooting resources you know of are greatly appreciated.

also, i am unable to recover my active desktop. the 'restore active desktop' button has not worked since you helped me with this machine last time - i have since used desktop properties to restore. this no longer works since running gmer the first time a few days ago & the machine crashing.

HW issues may explain some of the strange behaviors i am seeing. there is also something weird going on with my wireless card, and there is a 'safely remove hardware' icon in my tray associated with my d: drive...

all of these issues started when the comodo firewall started misbehaving
...right after upgrading from IE8-beta to IE8. IE8 takes minutes (like 5-10) to open.

meanwhile - before your last reply, i decided to try gmer again - this time it completed successfully. txt file follows in next 2-posts w/wordwrap disabled (since it exceeds 64k characters).

soseberg
2009-04-10, 04:10
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-09 17:47:08
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF3A08C8C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF37F56B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0xF3A083C4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0xF3A088A0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF37F5574]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0xF3A08080]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0xF3A0A084]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF3A08E72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateThread [0xF3A07C50]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDeleteKey [0xF3A090B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF37F5A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF37F514C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0xF3A09D24]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0xF3A08AB0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF37F564E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF37F508C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0xF3A08744]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF37F50F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF37F576E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRenameKey [0xF3A097F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xF3A08196]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF37F572E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0xF3A09AE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0xF3A09EC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF37F58AE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0xF3A085D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0xF3A08638]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateProcess [0xF3A07F4A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0xF3A07E18]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\spoolsv.exe[372] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[668] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\winlogon.exe[712] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\services.exe[756] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\lsass.exe[768] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\ctfmon.exe[832] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\Ati2evxx.exe[932] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[948] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] USER32.DLL!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] USER32.DLL!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] USER32.DLL!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1032] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\svchost.exe[1128] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Messenger\msmsgs.exe[1320] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1428] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 003A5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003A4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 003A1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 003A1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 003A13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [48, 88]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] USER32.dll!EndTask 7E459E75 5 Bytes JMP 003A4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003A16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] USER32.dll!keybd_event 7E466559 5 Bytes JMP 003A1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 003A4960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 003A4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll

soseberg
2009-04-10, 04:12
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00385060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00384F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 00381860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 00381230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 003813C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [46, 88]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00384C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003816D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00381550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00384960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00384AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\iPod\bin\iPodService.exe[2560] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Apoint\Apntex.exe[2588] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Skype\Phone\Skype.exe[2672] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\alg.exe[2720] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00365060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00364F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00364C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003616D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00361550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 00361860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 00361230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 003613C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [44, 88]
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00364960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00364AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\LMabcoms.exe[3028] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\svchost.exe[3324] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Secunia\PSI\psi.exe[3328] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\Explorer.EXE[3572] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 003D5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003D4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 003D1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 003D1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 003D13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [4B, 88]
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] USER32.dll!EndTask 7E459E75 5 Bytes JMP 003D4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003D16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] USER32.dll!keybd_event 7E466559 5 Bytes JMP 003D1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 003D4960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 003D4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 003B5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003B4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] USER32.dll!EndTask 7E459E75 5 Bytes JMP 003B4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003B16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] USER32.dll!keybd_event 7E466559 5 Bytes JMP 003B1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 003B1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 003B1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 003B13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [49, 88]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 003B4960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 003B4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F82A8710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F82A8770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F82A8990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F82A8950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F82A8950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F82A8770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F82A8710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F82A8990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F82A8990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F82A8950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F82A8770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F82A8710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F82A8950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F82A8710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F82A8770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F82A8990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F82A8710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F82A8770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F82A8950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F82A8990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F82A8950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F82A8770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F82A8710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F82A8950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F82A8990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F82A8710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F82A8770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Fastfat \Fat EFE4BC8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----

Shaba
2009-04-10, 10:02
GMER log is fine.

One thing to try might be uninstalling comodo and trying some other firewall instead. Or you can try reverting comodo to an older version.

Shaba
2009-04-14, 07:40
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.

Shaba
2009-04-16, 18:04
Reopened upon request.

soseberg
2009-04-16, 19:08
please excuse my delayed response - i have been offline for several days & just found your post re my gmer log in my spam folder =(

i do have additional questions. any advice is greatly appreciated.

you mentioned i may have a hardware problem and that you know of some troubleshooting resources that may help. my machine is nearly unusable since it is SOOOO SLOW!

could possible HW issues prevent the installation/update of comodo & spybot SW? since safemode does not recognize my usual login, does that indicate a HW issue?

HW issues may explain some of the strange behaviors i am seeing. there is something weird going on with my wireless card, and there is a 'safely remove hardware' icon in my tray associated with my d: drive...

all of these issues started when the comodo firewall started misbehaving
...right after upgrading from IE8-beta to IE8 and IE8 now takes minutes (like 5-10) to open.

Meanwhile, i will try installing comodo & spybot again. they are both already removed.

Shaba
2009-04-16, 19:15
Another thing which is worth trying is to remove IE8 to see if it helps.

soseberg
2009-04-16, 19:25
yes, i have been thinking i might remove ie8.

looking at my gmer log, you are certain there is no possible malware?

is there anything i should do to check for possible hardware issues?

Shaba
2009-04-16, 19:34
We will look deeper if those don't help.

I don't see any obvious signs of malware in logs you have posted.

soseberg
2009-04-17, 01:08
i downloaded the current comodo.com download file CIS_setup_3.8.65951.477_xp_vista_x32 & attempted to run the file. the installer/extractor claims that there is an older version installed that should be removed & asks if i would like to uninstall. when i choose <yes>, the msg and the installer/extractor interfaces both disappear. when i look at the add/remove programs interface, comodo is not there. i also searched my machine for comodo or cis and no files are found (except the download on my desktop). could there be something remaining in the registry that prompts the comodo installer to think comodo is already installed?

Shaba
2009-04-17, 07:21
That is possible.

This (http://forums.majorgeeks.com/showthread.php?t=149893) might help.

soseberg
2009-04-17, 09:08
hmmm - i think we had a similar issue when you helped me last time and we were trying to uninstall the symantec norton antivirus - you helped me physically remove the registry entries that remained...interestingly enough - there is something left on my computer that causes secunia to believe there is still symantec sw on my machine.

i would think that the firewall installer/uninstaller provided by comodo should work and should take care of the registry - unless something is corrupted or some malware hosed something or other...

i will read through the majorgeek forum posts you suggest to see if i might effect different results.

soseberg
2009-04-17, 09:10
downloaded spybotsd162.exe to desktop & went thru the wizard selecting the following settings & then selected <install>; a screen called file download appears stating that 'setup is downloading additional files to your computer'. after a few minutes, i get a msg 'error sending request.', 'the server name or address could not be resolved'

Destination location:
C:\Program Files\Spybot - Search & Destroy

Setup type:
Full installation

Selected components:
Main files
Additional languages
Skins to change appearance
Download updates immediately
Separate Secure Shredder application

Start Menu folder:
Spybot - Search & Destroy

Additional tasks:
Additional icons:
Create desktop icons
Create a Quick Launch icon
Permanent protection:
Use Internet Explorer protection (SDHelper)
Use system settings protection (TeaTimer)

Shaba
2009-04-17, 13:41
Unfortunately uninstallers don't always work that well. Comodo has had problems with that at least in the past.

Have you allowed spybot installer from your firewall?

soseberg
2009-04-17, 21:46
well...
i think the answer to your question is no. i installed spybot prior to installing the comodo firewall, so i never actually told comodo that spybot was ok - at this point, since comodo is 'somewhat uninstalled', i don't know how i would allow spybot to install via comodo.

Shaba
2009-04-18, 14:22
I see.

We could attempt to resolve the situation, but I think that a repair installation of windows is the easiest and most reasonable way here.

soseberg
2009-04-19, 08:05
ok. so rather than figuring out what's going on with comodo, we should repair windows? do you think that will get me to a point where i may reinstall comodo & spybot? do i need to back up any files?

here is what we did last time:
http://forums.spybot.info/showthread.php?t=34557

Shaba
2009-04-19, 10:33
Well I am afraid that it is not only comodo which is causing this.

If you like, we can attempt to remove comodo remnants.

soseberg
2009-04-19, 23:57
yes, i agree - something is causing problems with comodo, spybot and windows. if you think it would facilitate windows repair by dealing with the comodo issues first, then lets start there - otherwise lets repair windows first.

Shaba
2009-04-20, 06:06
OK, let's start with comodo then.

Download RegSearch (http://download.bleepingcomputer.com/steelwerx/regsearch.zip) by Bobbi Flekman.

Create a folder in your C: drive C:\Regsearch, and extract all the files from the zip archive into that folder.
Double click regsearch.exe to launch the programme.
Copy/Paste the following into the Search Box: Comodo
Click OK.

Regsearch will now search your Registry for the required strings, when it is finished it will open a Notepad file RegSearch.txt, saved to the Regsearch folder.

Copy/Paste that file into your next post.

soseberg
2009-04-20, 23:15
done! the file is over half a meg (532K) - sending as a zip attachment

"The text that you have entered is too long (532164 characters). Please shorten it to 64000 characters long."

Shaba
2009-04-21, 06:52
That is a long one.

I will post back a fix a bit later today.

Shaba
2009-04-21, 16:15
This should take care of most; we will handle the rest in the next round.


Please use the following link to download ERUNT (http://aumha.org/downloads/erunt-setup.exe)
Use the setup program to install ERUNT on your computer

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Open Notepad and copy the contents of the following box to a new file.


Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"COMODO Firewall Pro"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdAgent]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdGuard]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdHlp]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Inspect]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdAgent]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdGuard]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdHlp]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Inspect]

[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdGuard]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdHlp]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inspect]

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\BillP Studios\Detected\ActiveTasks]
"C:\\PROGRAM FILES\\COMODO\\Firewall\\cmdagent.exe"=-
"C:\\PROGRAM FILES\\COMODO\\Firewall\\cfp.exe"=-
"C:\\PROGRAM FILES\\COMODO\\Firewall\\cfpupdat.exe"=-

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\BillP Studios\Detected\Services]
"C:\\Program Files\\COMODO\\Firewall\\cmdagent.exe"=-

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\BillP Studios\Detected\Startup]
"C:\\Program Files\\COMODO\\Firewall\\cfp.exe -h"=-

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\BillP Studios\WinPatrol\Run]
"C:\\Program Files\\COMODO\\Firewall\\cfp.exe -h"=-

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\BillP Studios\WinPatrol\Services]
"COMODO Firewall Pro Helper Service"=-

[-HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\CFP\cfp\COMODO Firewall Pro]

[-HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\ComodoGroup]

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"=-

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\Microsoft\Search Assistant\ACMru\5603]
"001"=-

[-HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\COMODO]

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\soseberg\\LOCALS~1\\Temp\\WZSE1.TMP\\CIS_Setup_3.8.65951.477_XP_Vista_x32.exe"=-


Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Go to Desktop, double-click fix.reg and merge the information with the registry.

Reboot.

Do another search for comodo and post back results, please.
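
A pre-merge review of a fix.reg like the one in the post above, as an added example that is not part of the thread or of any tool mentioned in it: it parses the `[-KEY]` and `"name"=-` deletion syntax, lists the deletions whose path does not itself contain the search word (so they need checking against the search output by hand), and shows which control sets each deletion under `SYSTEM` names. The sample file, its SID and the `Example` key are constructed placeholders.

```python
import re

# Constructed sample in the syntax of a fix.reg; SID and "Example" key are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"COMODO Firewall Pro"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdAgent]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent]

[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"=-
[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Example]
"C:\\Program Files\\COMODO\\Firewall\\cfp.exe -h"=-
"Keep"="C:\\tools\\keep.exe"
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                  # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data
CONTROLSET_RE = re.compile(r'\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)\\', re.I)

def parse_reg(text):
    """Return (action, key, value_name) for each operation in a .reg file."""
    ops, key = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            ops.append(('delete-key' if m.group(1) else 'open-key', key, None))
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:  # header, comments, hex continuations are skipped
            name = m.group(1)
            if name != '@':  # '@' is the key's default value
                name = name[1:-1].replace('\\\\', '\\').replace('\\"', '"')
            ops.append(('delete-value' if m.group(2) == '-' else 'set-value', key, name))
    return ops

def review(text, keyword):
    """Split deletions into those whose path names the keyword and those that do not."""
    named, unnamed = [], []
    for action, key, name in parse_reg(text):
        if action.startswith('delete'):
            target = key if name is None else key + '\\' + name
            (named if keyword.lower() in target.lower() else unnamed).append((action, target))
    return named, unnamed

def control_sets_covered(text):
    """Map each key deleted under a control set to the control sets the file names."""
    covered = {}
    for action, key, _ in parse_reg(text):
        m = CONTROLSET_RE.search(key)
        if action == 'delete-key' and m:
            logical = key[:m.start(1)] + '*' + key[m.end(1):]
            covered.setdefault(logical, []).append(m.group(1))
    return covered

if __name__ == '__main__':
    for action, target in review(SAMPLE_REG, 'comodo')[1]:
        print('check by hand:', action, target)
    print(control_sets_covered(SAMPLE_REG))
```

CurrentControlSet is a link to one of the numbered control sets, so a key deleted there is also gone from that numbered set; any other numbered set keeps its own copy until it is listed separately.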

soseberg
2009-04-24, 19:59
for some reason i didn't get an email letting me know that you had responded so i'm just looking at this today (when i decided to check the forum). i am not at my computer right now, so i will look at this tomorrow.

Shaba
2009-04-24, 20:20
OK, thanks for update :)

soseberg
2009-04-27, 10:35
finally got to this today =) friday ended up a very very long day...

the new regsearch on comodo is much better - at least manageable this time=)

still too large to copy - 107743 characters - zip file attached

Shaba
2009-04-27, 12:00
Looks like there might be a permission issue.

Did you include this to fix.reg?

[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo]

soseberg
2009-04-28, 05:10
just checking fix.reg in notepad and [-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo] is included...see attached.

Shaba
2009-04-28, 06:15
Yes, so it is a permission issue then.


Go here (http://www.microsoft.com/downloads/details.aspx?familyid=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en) and download subinacl.msi
Double click on subinacl.msi to start the installation of Subinacl
Click Next>
Select I accept and click Next>
Click browse
From the drop down menu select C:\
Double click on WINDOWS and then system32
Click OK
Click Install now
Click Finish


Save text below in Notepad as remkeys.bat:


@echo off
FOR %%R IN (
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDAGENT"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDGUARD"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDHLP"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDAGENT"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDGUARD"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDHLP"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INSPECT"
"HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDAGENT"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDGUARD"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDHLP"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT"
"HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\CFP"
"HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\ComodoGroup"
"HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\COMODO"
) Do (
subinacl.exe /subkeyreg %%R /setowner=%username% /grant=%username%=F
reg delete %%R /f
)

Double-click remkeys.bat; a black DOS window will flash, which is normal.

Do another search for comodo and post back results, please.

soseberg
2009-04-28, 07:11
does permission issue mean that i am not allowed to uninstall comodo? have i managed to change my permissions? or is this related to the fact i have forgotten my administrator password?

will start on the next steps right away & post back the results =)

Shaba
2009-04-28, 07:19
Well at least you don't seem to have rights to delete those keys by default.

Does your user account have admin rights?

Shaba
2009-05-02, 08:55
Due to the lack of feedback this Topic is closed.

tashi
2009-05-06, 20:22
Thank you Shaba. :oreo: