malware attack? comodo corrupted? unable to install spybot.

soseberg

noticed some issues with my comodo firewall sw this weekend so i tried to update. when attempting to update, i was asked to uninstall the existing version, but got an error saying a file is missing. i got the same error when attempting to use add/remove programs to remove comodo. then i was going to use spybot to see if any malware might be detected. i was unable to update using the auto-updater. since i didn't remember (& didn't double check) for the manual download, i decided to uninstall my current version and then re-install the most current version which is now downloaded to my desktop (spybotsd162.exe). when i attempt to run the exe i get an error when i get to the download step of the installer...'server name or address could not be resolved'. i have posted this in the spybot section, but i am thinking one of my boys may have screwed up something over the weekend while i was gone...

i have saved a copy of the registry using ERUNT, and run HJT. here is a copy of the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:03, on 2009-04-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\soseberg\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1222260121828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1222260100609
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\Software\..\Telephony: DomainName = MIROGE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIROGE
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Clock Daemon (ClockDaemon) - Unknown owner - C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10903 bytes
 
yes it is my personal computer

my cousin is visiting calif from norway so i will only have intermittent email access while we are off pretending to be cowboys =) i think you may have helped me last i had an issue around aug last year.
 
So then we will continue with this:


Download gmer.zip and save to your desktop.
alternate download site
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.
 
any suspicious entries in HJT log?

i am back w/my computer now and FINALLY have it to the point where it is semi-usable - it's running but performance is HORRIBLE! i returned to what looked like a failing wireless card last nite & my computer would keep locking up to where i had to perform a hard power re-cycle to restart the machine...still having a wireless issue, luckily i found an ethernet cable. anyway, will get started with your suggestions you posted a few days back, but i am wondering if you noted any suspicious activity via my earlier hjt log posted...
 
gmer crashed; trying again

started running gmer just after posting my earlier reply. it ran over 4 hours b4 i decided to go to bed. this morning the computer had a blue screen so i cycled power to shut down and restart. then i reconnected the ethernet.

the windows errors from the crash are as follows:

error signature:
BCCode : 10000050 BCP1 : FB59F004 BCP2 : 00000000 BCP3 : EDD964F0
BCP4 : 00000000 OSVer : 5_1_2600 SP : 2_0 Product : 256_1

error report content files:
C:\DOCUME~1\soseberg\LOCALS~1\Temp\WER2762.dir00\Mini040809-01.dmp
C:\DOCUME~1\soseberg\LOCALS~1\Temp\WER2762.dir00\sysdata.xml

let me know if the error files are of interest & i will send them.

upon power on, the screen is now white - in active desktop recovery mode, with a lite blue triangle containing an "!". i don't think this is the same as "safe mode" - what do i do to tell the computer i want to run in safemode?
 
safe mode <F8>

just remembered to press F8 while booting to get safe mode option. hopefully running gmer is faster while running in safe mode. stand by for results =)
disconnecting ethernet =)
 
unable to login in running in safemode

when i am running in safemode, my password is not recognized. very weird. anything to do to resolve this? should i try gmer again running regular mode?
 
unable to login in running in safemode

when i am running in safemode, my password is not recognized. very weird. anything to do to resolve this? should i try gmer again running regular mode? i am worried my machine will just blue screen again. what do you think?
 
That indicates hardware issues.

I can redirect you to some windows for that if you like to?
 
possible HW issue? & gmer output

since safemode does not recognize my usual login, that indicates a HW issue? i wouldn't have guessed that. or is it the windows error codes that indicate a possible hw issue?

any trouble shooting resources you know of are greatly appreciated.

also, i am unable to recover my active desktop. the 'restore active desktop' button has not worked since you helped me with this machine last time - i have since used desktop properties to restore. this no longer works since running gmer the first time a few days ago & the machine crashing.

HW issues may explain some of the strange behaviors i am seeing. there is also something weird going on with my wireless card, and there is a 'safely remove hardware' icon in my tray associated with my d: drive...

all of these issues started when the comodo firewall started misbehaving
...right after upgrading from IE8-beta to IE8. IE8 takes minutes (like 5-10) to open.

meanwhile - before your last reply, i decided to try gmer again - this time it completed successfully. txt file follows in next 2-posts w/wordwrap disabled (since it exceeds 64k characters).
 
gmer output, part I

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-09 17:47:08
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF3A08C8C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF37F56B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0xF3A083C4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0xF3A088A0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF37F5574]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0xF3A08080]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0xF3A0A084]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF3A08E72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateThread [0xF3A07C50]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDeleteKey [0xF3A090B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF37F5A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF37F514C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0xF3A09D24]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0xF3A08AB0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF37F564E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF37F508C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0xF3A08744]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF37F50F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF37F576E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRenameKey [0xF3A097F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xF3A08196]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF37F572E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0xF3A09AE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0xF3A09EC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF37F58AE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0xF3A085D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0xF3A08638]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateProcess [0xF3A07F4A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0xF3A07E18]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[204] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[236] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\spoolsv.exe[372] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[372] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[668] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[668] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\winlogon.exe[712] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[712] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\services.exe[756] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[756] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\lsass.exe[768] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[768] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\ctfmon.exe[832] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[832] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\Ati2evxx.exe[932] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[932] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[948] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] USER32.DLL!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] USER32.DLL!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] USER32.DLL!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe[988] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1032] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\svchost.exe[1128] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1128] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1224] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1256] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1300] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Messenger\msmsgs.exe[1320] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1320] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1368] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1428] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1428] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1440] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1480] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1532] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 003A5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003A4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 003A1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 003A1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 003A13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [48, 88]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] USER32.dll!EndTask 7E459E75 5 Bytes JMP 003A4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003A16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] USER32.dll!keybd_event 7E466559 5 Bytes JMP 003A1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 003A4960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1616] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 003A4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1680] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1788] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
 
gmer output, part II

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1804] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1832] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1900] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00385060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00384F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 00381860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 00381230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 003813C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [46, 88]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00384C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003816D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00381550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00384960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2040] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00384AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2116] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2276] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2340] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[2404] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\iPod\bin\iPodService.exe[2560] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Apoint\Apntex.exe[2588] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint\Apntex.exe[2588] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Skype\Phone\Skype.exe[2672] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2672] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\alg.exe[2720] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2720] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00365060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00364F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00364C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003616D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00361550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 00361860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 00361230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 003613C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [44, 88]
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00364960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.3\J2GTray.exe[3004] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00364AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\LMabcoms.exe[3028] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LMabcoms.exe[3028] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\svchost.exe[3324] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[3324] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Secunia\PSI\psi.exe[3328] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Secunia\PSI\psi.exe[3328] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\soseberg\Desktop\gmer\gmer.exe[3496] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\Explorer.EXE[3572] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3572] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3860] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3876] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3892] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 003D5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003D4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 003D1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 003D1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 003D13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [4B, 88]
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] USER32.dll!EndTask 7E459E75 5 Bytes JMP 003D4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003D16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] USER32.dll!keybd_event 7E466559 5 Bytes JMP 003D1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 003D4960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3936] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 003D4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 003B5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003B4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] USER32.dll!EndTask 7E459E75 5 Bytes JMP 003B4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003B16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] USER32.dll!keybd_event 7E466559 5 Bytes JMP 003B1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 003B1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 003B1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 003B13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [49, 88]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 003B4960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3964] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 003B4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[4048] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F82A8710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F82A8770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F82A8990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F82A8950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F82A8950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F82A8770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F82A8710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F82A8990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F82A8990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F82A8950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F82A8770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F82A8710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F82A8950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F82A8710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F82A8770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F82A8990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F82A8710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F82A8770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F82A8950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F82A8990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F82A8950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F82A8770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F82A8710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F82A8950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F82A8990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F82A8710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F82A8770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Fastfat \Fat EFE4BC8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----
 
GMER log is fine.

One thing to try might be uninstalling comodo and trying some other firewall instead. Or you can try reverting comodo to an older version.
 
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.
 
please excuse my delayed response - i have been offline for several days & just found your post re my gmer log in my spam folder =(

i do have additional questions. any advice is greatly appreciated.

you mentioned i may have a hardware problem and that you know of some troubleshooting resources that may help. my machine is nearly unusable since it is SOOOO SLOW!

could possible HW issues prevent the installation/update of comodo & spybot SW? since safemode does not recognize my usual login, does that indicate a HW issue?

HW issues may explain some of the strange behaviors i am seeing. there is something weird going on with my wireless card, and there is a 'safely remove hardware' icon in my tray associated with my d: drive...

all of these issues started when the comodo firewall started misbehaving
...right after upgrading from IE8-beta to IE8 and IE8 now takes minutes (like 5-10) to open.

Meanwhile, i will try installing comodo & spybot again. they are both already removed.
 