Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


I have a keylogger


I have a keylogger

Unread postby sinclaire » August 12th, 2009, 6:27 pm

So I've picked up what I can only assume is a keylogger by stupidly clicking bad links in the Lord of the Rings Online forums. As a result, my account for LOTRO has been hijacked twice - password changed, e-mail address changed, etc so that I can no longer access it.

After the first incident I did do a scan with AVG and Spybot S&D and got rid of something, but the keylogger is obviously still lurking somewhere.

Any help getting rid of this sucker would be greatly appreciated! Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:51, on 12/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Arucer] rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [WindowBlinds] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBInstall32.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O20 - AppInit_DLLs: ,wbsys.dll C:\WINDOWS\system32\guard32.dll,C:\DOCUME~1\MARVIN~1.OMN\LOCALS~1\Temp\35138mja.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: Fences - {EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - C:\Program Files\Stardock\Fences\DesktopDock.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 5831 bytes
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

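As an added example (not from this thread, and not code from HijackThis or any other tool named here), a small Python triage script that parses HijackThis O4 (Run key) and O20 (AppInit_DLLs) lines of the kind posted above and flags autorun targets and AppInit DLLs that either live in a Temp folder or are given without a path. The sample input reuses lines from the log above plus one constructed [Updater] line; the heuristics are mine and only say "worth a second look", not "malicious".

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str   # HijackThis section prefix: "O4" (Run keys) or "O20" (AppInit_DLLs)
    entry: str     # the Run value name (O4) or the raw AppInit_DLLs value (O20)
    path: str      # the path or DLL name that triggered the finding
    reason: str


# O4 lines look like:  O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# The O20 AppInit_DLLs line carries the raw registry value after the colon.
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")

# Sample log: lines copied from the HijackThis log above, plus one
# constructed HKCU entry ([Updater]) pointing into a user's Temp folder.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Arucer] rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Updater] "C:\DOCUME~1\USER~1\LOCALS~1\Temp\updater.exe" /silent
O20 - AppInit_DLLs: ,wbsys.dll C:\WINDOWS\system32\guard32.dll,C:\DOCUME~1\MARVIN~1.OMN\LOCALS~1\Temp\35138mja.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""


def in_temp(path: str) -> bool:
    r"""True if the path sits inside a Temp folder. The lower-cased check
    covers Local Settings\Temp, its 8.3 form LOCALS~1\Temp and WINDOWS\Temp."""
    return "\\temp\\" in path.lower()


def command_paths(cmd: str) -> List[str]:
    r"""Pull every path-like token out of an O4 command line: quoted strings
    (which may contain spaces) plus unquoted tokens containing a backslash,
    so that both "C:\Program Files\x.exe" and the DLL in
    'rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer' are picked up."""
    quoted = re.findall(r'"([^"]+)"', cmd)
    rest = re.sub(r'"[^"]*"', " ", cmd)
    unquoted = [t for t in re.split(r"[\s,]+", rest) if "\\" in t]
    return quoted + unquoted


def split_appinit(value: str) -> List[str]:
    """AppInit_DLLs is a space- or comma-separated list; Windows accepts either
    separator, which is why the posted value has a leading comma and mixed separators."""
    return [d for d in re.split(r"[,\s]+", value.strip()) if d]


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the O4/O20 entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            paths = command_paths(cmd)
            if not paths and "\\" not in cmd:
                # e.g. "[WTClient] WTClient.exe": which file actually runs is
                # decided by the process search order, not by this entry.
                findings.append(Finding("O4", name, cmd.strip(),
                                        "no absolute path; resolved via the search order at logon"))
            for p in paths:
                if in_temp(p):
                    findings.append(Finding("O4", name, p,
                                            "autorun target lives in a Temp folder"))
            continue
        m = O20_RE.match(line)
        if m:
            value = m.group("dlls")
            for dll in split_appinit(value):
                if in_temp(dll):
                    reason = "AppInit DLL loaded into every process that loads user32.dll, from a Temp folder"
                elif "\\" not in dll:
                    reason = "AppInit DLL given by bare name; located via the DLL search order"
                else:
                    continue
                findings.append(Finding("O20", value, dll, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.entry[:40]}] {f.path}: {f.reason}")
```

Entries it stays quiet about (Program Files, system32, %systemroot%) are not thereby clean; the script only orders where a reviewer looks first.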
Re: I have a keylogger

Unread postby tan_pang » August 16th, 2009, 1:51 am

Hello, and Welcome. :)
I am tan_pang and I will be assisting you with your malware issues.
Please be patient, as I need some time to review your HijackThis log, and I will post back recommendations for repairs.
As I am still in training, everything that I post to you must be checked by an expert. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.
  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page, in case you need it for reference.
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: I have a keylogger

Unread postby tan_pang » August 17th, 2009, 8:24 am

As you suspect that your computer is infected by a keylogger: a keylogger is a program which composes a log of every key you type and then sends it to its owner. This gives the creator access to every single keystroke you type.

The following steps should be taken:
  • Disconnect from the internet NOW!
  • If you have ever handled anything related to money (online banking, online shopping, etc.), call your bank and say that you might be a victim of identity theft due to a computer virus which logs keystrokes.
  • Next, change ALL your passwords from a different computer! Do not use them on this computer again until I tell you that you are clean.

==========================================================================

Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
    Note: the log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    or via the Logs tab when Malwarebytes' Anti-Malware is started.

==========================================================================

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.

==========================================================================

Please download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized.
If you wish to see the info.txt file on subsequent runs, either delete the C:\rsit\info.txt file or run RSIT.exe with the /info switch.

==========================================================================

In your next post, please post:
  • Malwarebytes' Anti-Malware log
  • SecurityCheck log (checkup.txt)
  • RSIT log (log.txt & info.txt)
  • Your computer condition now
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: I have a keylogger

Unread postby sinclaire » August 17th, 2009, 12:19 pm

Hi there,

I forged ahead on my own since making my original post so there are a few things I need to add.

I did a full scan with avast! but didn't turn up anything.

I changed all my passwords from a separate machine. I have, however, already used some of them here after getting clean scans. I will do another round of password changes tonight on a separate machine anyway, to be safe.

I also did full scans with Ad-Aware Plus and turned up trojans of type HTML/Crypted.Gen and HTML/Spoofed.Gen one day apart; these were removed. Since then I have uninstalled the Flash player plugin for Firefox and added NoFlash, NoScript and Adblock Plus to the Firefox plugins, and for a couple of days now I have seen no sign of reinfection.

I will post again when I have the results of the scans. I have used Malwarebytes' Anti-Malware over the past few days, but a fresh scan would probably be in order.
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby sinclaire » August 17th, 2009, 1:54 pm

MBAM scan results:

Malwarebytes' Anti-Malware 1.40
Database version: 2641
Windows 5.1.2600 Service Pack 2

17/08/2009 18:46:46
mbam-log-2009-08-17 (18-46-46).txt

Scan type: Full Scan (C:\|D:\|E:\|H:\|J:\|)
Objects scanned: 420432
Time elapsed: 1 hour(s), 9 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Marvin Kosh\Local Settings\Application Data\Mozilla\Firefox\Profiles\eotgj80h.default\Cache\E569C25Cd01 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Stardock\Object Desktop\SKS\wise_post.exe (Trojan.BHO) -> Not selected for removal.
C:\Program Files\Stardock\SmartException\wise_post.exe (Trojan.BHO) -> Not selected for removal.
H:\Games\GalCiv2\Twilight\ta_post.exe (Trojan.BHO) -> Not selected for removal.
J:\My Downloads\Suspicious Files\LogonStudio_public.exe (Trojan.BHO) -> Not selected for removal.
J:\My Downloads\Suspicious Files\gimp-2.6.1-i686-setup.exe (Rogue.Installer) -> Not selected for removal.


I opted to remove the first item because the previous two infections used Firefox's Local Settings folder. The other items are either part of the installations of legitimate programs, or can be removed and redownloaded cleanly later on, so I didn't do anything with them yet.


Results of screen317's Security Check version 0.98.8
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Antivirus
AVG 8.5
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner


Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Ad-Aware
Spybot - Search & Destroy 1.5.2.20
Spybot - Search & Destroy
Malwarebytes' Anti-Malware
ThreatFire
HijackThis 2.0.2
Microsoft VM for Java
Java(TM) 6 Update 12
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Reader 9.1.3
``````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!


``````````````````````````````
DNS Vulnerability Check:

GREAT! (Very random)

`````````End of Log```````````

N.B. Comodo Firewall is installed. avast! On-Access scanner and Ad-Watch Live are enabled. And I guess I must have an old version of Spybot kicking around, but that's not the one I use.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Marvin Kosh at 2009-08-17 22:26:12
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (29%) free of 30 GB
Total RAM: 1023 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:04, on 17/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
D:\Applications\Mozilla Firefox\firefox.exe
J:\My Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Marvin Kosh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Arucer] rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [WindowBlinds] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBInstall32.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://*.bitedefender.co.uk
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O20 - AppInit_DLLs: wbsys.dll ,C:\DOCUME~1\MARVIN~1.OMN\LOCALS~1\Temp\35138mja.dll C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Fences - {EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - C:\Program Files\Stardock\Fences\DesktopDock.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 6957 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
C:\WINDOWS\tasks\Check e-mail.job
C:\WINDOWS\tasks\DefragC.job
C:\WINDOWS\tasks\DefragD.job
C:\WINDOWS\tasks\DefragE.job
C:\WINDOWS\tasks\DefragH.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}]
CoTGT_BHO Class - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-10 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-18 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-18 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"Arucer"=rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer []
"ScanSoft OmniPage SE 4.0-reminder"=C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe -r C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini []
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"WTClient"=C:\WINDOWS\system32\WTClient.exe [2007-04-11 40960]
"LogonStudio"=C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe [2002-09-03 987187]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2009-06-19 259344]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-08-13 1793808]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-08-16 520024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"=C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe [2007-05-22 521128]
"WindowBlinds"=C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBInstall32.exe [2008-04-28 99752]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2009-04-02 203416]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-23 1948440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boinc]
C:\Program Files\BOINC\boincmgr.exe [2007-07-04 3846912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2008-06-27 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtxfiReg]
CTXFIREG.exe /FAIL1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Email Notifier]
D:\Applications\NT Email Notifier\NTEmailNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartException]
C:\Program Files\Stardock\SmartException\SmartEx.exe [2006-11-14 87728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-18 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marvin Kosh.OMNILOTH^Start Menu^Programs^Startup^BOINC Manager.lnk]
C:\PROGRA~1\BOINC\boincmgr.exe [2007-07-04 3846912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marvin Kosh.OMNILOTH^Start Menu^Programs^Startup^ImpulseNow.lnk]
C:\PROGRA~1\Stardock\Impulse\Now\IMPULS~1.EXE [2009-07-29 365872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marvin Kosh.OMNILOTH^Start Menu^Programs^Startup^UltraMon.lnk]
C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\Microsoft\Installer\{1C94C999-15D2-4C75-9A73-BCC8A677D42E}\IcoUltraMon.ico /auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3
"JavaQuickStarterService"=2
"Ati HotKey Poller"=2
"SQLWriter"=3
"MSSQL$SQLEXPRESS"=3
"avg8wd"=2
"avg8emc"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll ,C:\DOCUME~1\MARVIN~1.OMN\LOCALS~1\Temp\35138mja.dll C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-24 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll [2009-02-10 204080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Fences - {EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - C:\Program Files\Stardock\Fences\DesktopDock.dll [2009-03-18 521576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceStartMenuLogOff"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"H:\Games\Neverwinter Nights 2\nwn2main.exe"="H:\Games\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"H:\Games\Neverwinter Nights 2\nwn2main_amdxp.exe"="H:\Games\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"H:\Games\Neverwinter Nights 2\nwupdate.exe"="H:\Games\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"H:\Games\Neverwinter Nights 2\nwn2server.exe"="H:\Games\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"H:\Games\Battle for Middle-earth II\game.dat"="H:\Games\Battle for Middle-earth II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"J:\Games\NWN 2\nwn2main.exe"="J:\Games\NWN 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"J:\Games\NWN 2\nwn2main_amdxp.exe"="J:\Games\NWN 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"J:\Games\NWN 2\nwupdate.exe"="J:\Games\NWN 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"J:\Games\NWN 2\nwn2server.exe"="J:\Games\NWN 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"D:\Applications\Ventrilo\Ventrilo.exe"="D:\Applications\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{559954fe-a061-11dc-8e02-00000000a666}]
shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{559954ff-a061-11dc-8e02-00000000a666}]
shell\AutoRun\command - J:\Autorun.exe


======List of files/folders created in the last 1 months======

2009-08-17 22:26:12 ----D---- C:\rsit
2009-08-16 10:55:38 ----HDC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-08-15 18:08:02 ----D---- C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\Malwarebytes
2009-08-15 18:07:07 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-08-15 18:06:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-15 17:05:55 ----D---- C:\WINDOWS\BDOSCAN8
2009-08-14 12:13:43 ----D---- C:\Program Files\Lavasoft
2009-08-14 12:13:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2009-08-13 16:44:22 ----D---- C:\Program Files\Process Monitor
2009-08-13 11:48:32 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-08-13 11:48:32 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-08-13 11:48:22 ----D---- C:\Program Files\Alwil Software
2009-08-13 09:12:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
2009-08-13 09:12:16 ----A---- C:\WINDOWS\system32\guard32.dll
2009-08-13 03:01:35 ----A---- C:\WINDOWS\cfplogvw.INI
2009-08-13 02:43:24 ----D---- C:\Program Files\ThreatFire
2009-08-13 02:32:56 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-08-13 02:32:42 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2009-08-13 02:00:47 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-12 23:02:23 ----D---- C:\Program Files\Trend Micro
2009-08-12 09:31:37 ----D---- C:\Program Files\DAEMON Tools Toolbar

======List of files/folders modified in the last 1 months======

2009-08-17 22:26:50 ----D---- C:\WINDOWS\Temp
2009-08-17 22:26:39 ----D---- C:\WINDOWS\Prefetch
2009-08-17 22:11:05 ----A---- C:\WINDOWS\LogonStudio.ini
2009-08-17 22:10:41 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-17 22:09:50 ----D---- C:\WINDOWS\system32\drivers
2009-08-17 18:56:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-17 14:57:13 ----SHD---- C:\System Volume Information
2009-08-16 23:16:15 ----RD---- C:\Program Files
2009-08-16 11:09:29 ----A---- C:\WINDOWS\WININIT.INI
2009-08-16 11:01:59 ----D---- C:\WINDOWS
2009-08-16 10:59:07 ----SD---- C:\WINDOWS\Tasks
2009-08-16 10:55:38 ----SHD---- C:\WINDOWS\Installer
2009-08-16 10:49:52 ----D---- C:\WINDOWS\system32
2009-08-15 17:06:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-15 17:05:54 ----HD---- C:\WINDOWS\inf
2009-08-14 19:05:02 ----D---- C:\Program Files\BOINC
2009-08-14 16:09:25 ----SH---- C:\boot.ini
2009-08-14 16:09:25 ----A---- C:\WINDOWS\win.ini
2009-08-14 16:09:25 ----A---- C:\WINDOWS\system.ini
2009-08-14 15:34:22 ----D---- C:\WINDOWS\security
2009-08-14 12:18:44 ----SHD---- C:\WINDOWS\CSC
2009-08-14 12:17:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-14 12:15:34 ----HD---- C:\$AVG8.VAULT$
2009-08-13 22:11:05 ----D---- C:\Documents and Settings
2009-08-13 16:26:32 ----D---- C:\WINDOWS\system32\config
2009-08-13 09:12:09 ----D---- C:\Program Files\COMODO
2009-08-13 02:49:13 ----D---- C:\Program Files\Common Files
2009-08-13 02:00:48 ----D---- C:\WINDOWS\Debug
2009-08-13 00:19:27 ----D---- C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\Comodo
2009-08-12 22:19:20 ----D---- C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\DAEMON Tools Lite
2009-08-12 09:31:37 ----D---- C:\Program Files\DAEMON Tools Lite
2009-08-11 23:27:59 ----A---- C:\moduleName.txt
2009-08-09 08:08:46 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-08 09:28:28 ----RSD---- C:\WINDOWS\assembly
2009-08-03 07:04:41 ----D---- C:\Program Files\Winamp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-18 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-23 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-07 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-08-13 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-08-13 25160]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-24 3331072]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-07-07 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-07-07 532376]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 ctgame;Game Port; C:\WINDOWS\system32\DRIVERS\ctgame.sys [2008-07-07 18840]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-07-07 14360]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-07-07 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-07-07 92696]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2008-07-07 797720]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2008-07-07 162840]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-07-07 127512]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 XBCD;XBCD Kernel Module; C:\WINDOWS\System32\Drivers\xbcd.sys [2005-05-13 19212]
S3 acejz7h9;acejz7h9; C:\WINDOWS\system32\drivers\acejz7h9.sys []
S3 aei052mi;aei052mi; C:\WINDOWS\system32\drivers\aei052mi.sys []
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-07-07 347080]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-07-07 189464]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys []
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2007-04-23 18432]
S3 UCharger;Usb Charger Driver; C:\WINDOWS\System32\Drivers\UCharger.sys [2007-05-15 13765]
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2007-05-31 12800]
S3 UKS11LDR;M-Audio USB Keystation Loader; C:\WINDOWS\system32\drivers\uks11ldr.sys [2008-09-20 13504]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBKT1X1;M-Audio USB Keystation; C:\WINDOWS\system32\drivers\usbkt1x1.sys [2008-09-20 22304]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-08-13 707152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-08-16 1029456]
R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2009-06-19 70928]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2007-05-31 53248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-24 581632]
S4 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-18 907032]
S4 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-23 298776]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-18 152984]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; D:\Applications\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-08-17 22:27:08

======Uninstall list======

-->"D:\APPLICATIONS\ViaVoice\Bin\vunUK.exe" ProdRunDictate Dc En_UK 'IBM ViaVoice™ Dictation Runtime' C:\WINDOWS\IsUninst.exe -fD:\APPLICATIONS\ViaVoice\RtDict_UK.isu
-->"D:\APPLICATIONS\ViaVoice\Bin\vunUK.exe" ProdRunDictate Dc En_UK 'IBM ViaVoice™ Dictation Runtime' C:\WINDOWS\IsUninst.exe -fD:\APPLICATIONS\ViaVoice\RtDict_UK.isu
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fD:\APPLICATIONS\ViaVoice\tts\vvol50En_UK.isu -c"D:\APPLICATIONS\ViaVoice\tts\\vo50u_UK.dll"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Product/Adobe Studio Update 10/2001-->"C:\Program Files\InstallShield Installation Information\{73006B34-9743-4A39-AC37-38EDFCEB6DCE}\setup.exe"
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Anvil Studio-->C:\WINDOWS\system32\AsUninst.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AutoHotkey 1.0.47.06-->C:\Program Files\AutoHotkey\uninst.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BOINC-->MsiExec.exe /I{14DD76C8-F13A-4565-B607-5516E8A9ABFE}
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 User Registration-->C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
Canon MP160-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CEP (Color Enable Package) v.9.0 (beta)-->"D:\Games\zCEP_Uninstaller\unins000.exe"
Colossus Addon Mod 1.0-->E:\Marvin's Documents\SimCity 4\Plugins\a_CAM\uninst.exe
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Dan Elwell's Broadband Speed Test-->"C:\Program Files\Dan Elwell's Broadband Speed Test\unins000.exe"
D-Fend Reloaded 0.7.0 (deinstall)-->"C:\Program Files\D-Fend Reloaded\Uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Energizer UsbCharger v1.0.0-->"C:\Program Files\Energizer UsbCharger\unins000.exe"
FaxTools eXPert-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C339CAC7-65FF-40F3-9D56-317BF20C8CFF}\setup.exe" -l0x9
Fences (Free)-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall fences
Fences-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{E94FD7CC-6945-4744-99C3-9BFF40AA2F24}\Fences.exe" REMOVE=TRUE MODIFY=FALSE
Fences-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{E94FD7CC-6945-4744-99C3-9BFF40AA2F24}\Fences.exe
GalCiv II - Twilight of the Arnor-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall gta
Gimp 2.6.1-->"C:\Program Files\GIMP-2.2\setup\unins000.exe"
GTK+ 2.6.4 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\unins000.exe"
Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x9
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB909095)-->"C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe"
IBM ViaVoice Standard 10.0 - UK English-->"D:\APPLICATIONS\ViaVoice\Bin\uninst_UK.exe" DeleteProdVVFW100Basic_UK
Impulse-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{7EDBFAEE-C619-4CE4-BE01-EDEA39CA0347}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
Impulse-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{7EDBFAEE-C619-4CE4-BE01-EDEA39CA0347}\Impulse_setup.exe
InfoManager-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\InfoManager\ST6UNST.LOG"
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
LogonStudio-->C:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
Lola-->MsiExec.exe /I{282E68BD-3D37-443A-A891-299CF4ED6F0C}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU-->D:\Applications\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Microsoft Visual Studio 6.0 Enterprise Edition-->"C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft VM for Java-->RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Miles Sound Tools-->C:\PROGRA~1\MILESS~1\UNWISE.EXE C:\PROGRA~1\MILESS~1\INSTALL.LOG
Miranda IM 0.7.17-->C:\Program Files\Miranda IM\Uninstall.exe
MoRUN.net Sticker-->MsiExec.exe /X{620797B0-A022-4B57-A95E-CD7DD0325010}
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.5.2)-->D:\Applications\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.22)-->D:\Applications\Thunderbird\uninstall\helper.exe
MP3toBMU 0.35-->C:\Program Files\MP3toBMU\uninst.exe
MSDN Library for Visual Studio 2005-->msiexec /i {23959E96-A80F-4172-A655-210E9BB7BFBE}
MSDN Library for Visual Studio 2005-->MsiExec.exe /X{23959E96-A80F-4172-A655-210E9BB7BFBE}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
MultiRes (remove only)-->C:\Program Files\MultiRes\uninstal.exe
MyColors Diamond Desktop-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall diamond
Network Addon Mod Version April 2008-->E:\Marvin's Documents\SimCity 4\Plugins\Network Addon Mod\uninst.exe
Neverwinter Nights 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
NVIDIA Drivers-->C:\WINDOWS\system32\NVUninst.exe UninstallGUI
NVIDIA nForce Drivers-->C:\WINDOWS\system32\nvuninst.exe Uninstall C:\WINDOWS\system32\NVU001.nvu,NVIDIA nForce Drivers
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RAD Video Tools-->"D:\Applications\RADVideo\uninstall.exe"
Ray Adams ATI Tray Tools-->"C:\Program Files\Ray Adams\ATI Tray Tools\uninstall.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SimCity 4 Deluxe-->H:\Games\SimCity 4 Deluxe\EAUninstall.exe
SimPE 0.72 (alpha)-->"C:\Program Files\SimPE\unins001.exe"
SkinStudio 6 Professional-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall sks
SmartFTP Client 3.0 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
Sony Sound Forge 7.0-->MsiExec.exe /I{6B629F70-BE1D-456E-AA97-73619020E7A1}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Stardock Central-->C:\PROGRA~1\Stardock\SDCENT~1\UNWISE.EXE C:\PROGRA~1\Stardock\SDCENT~1\INSTALL.LOG
Stardock MyColors-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{CED4439A-2AAC-4B94-8453-4969CC2D31F9}\MyColors.exe" REMOVE=TRUE MODIFY=FALSE
Stardock MyColors-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{CED4439A-2AAC-4B94-8453-4969CC2D31F9}\MyColors.exe
Starfleet Command III Patcher-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Taldren\Starfleet Command III Patcher\Patcher.isu"
Starfleet Command Orion Pirates-->C:\WINDOWS\IsUninst.exe -f"D:\Games\Starfleet Command Orion Pirates\Uninst.isu"
StyleXP (remove only)-->"C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
SwapMouseButtons version 2.3-->"C:\Program Files\SwapMouseButtons\unins000.exe"
The Battle for Middle-earth (tm) II-->H:\Games\Battle for Middle-earth II\EAUninstall.exe
The Lord of the Rings Online™: Shadows of Angmar™ v01.05.00.811-->"D:\Games\Lord of the Rings Online\unins000.exe"
The Lord of the Rings, The Rise of the Witch-king-->H:\Games\The Lord of the Rings, The Rise of the Witch King\EAUninstall.exe
The Sims 2 Nightlife-->D:\Games\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->D:\Games\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->D:\Games\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->D:\Games\The Sims 2 University\EAUninstall.exe
The Sims 2-->D:\Games\The Sims 2\EAUninstall.exe
The Sims™ 2 Apartment Life-->D:\Games\The Sims 2 Apartment Life\EAUninstall.exe
The Sims™ 2 Bon Voyage-->D:\Games\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 FreeTime-->D:\Games\The Sims 2 FreeTime\EAUninstall.exe
The Sims™ 2 Seasons-->D:\Games\The Sims 2 Seasons\EAUninstall.exe
ThreatFire-->"C:\Program Files\ThreatFire\unins000.exe"
Turnpike Six-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{312B0A22-CF24-11D3-AB8B-00C04FCF5090}\Setup.exe" -l0x9 TurnpikeAddRemove
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
USB Keyboard Device 1.0.1.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\M-Audio USB Keyboard Device\irunin.ini"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Winamp Essentials Pack-->C:\Program Files\Winamp\UninstallWinampEssentials.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WindowBlinds 6-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall wb6
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordWeb-->D:\Applications\WordWeb\uninst.exe
XBCD 1.07-->C:\Program Files\XBCD\uninst.exe
Zip Motion Block Video codec (Remove Only)-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\ZMBV.INF

=====HijackThis Backups=====

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll [2009-08-12]
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll [2009-08-12]
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll [2009-08-12]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2009-08-12]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2009-08-12]
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll [2009-08-15]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free (disabled)
AV: Lavasoft Ad-Watch Live! Anti-Virus
AV: avast! antivirus 4.8.1335 [VPS 090817-0]
FW: COMODO Firewall

======System event log======

Computer Name: OMNILOTH
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00000000A666. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 11951
Source Name: Dhcp
Time Written: 20090419132544.000000+060
Event Type: warning
User:

Computer Name: OMNILOTH
Event Code: 7034
Message: The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

Record Number: 11945
Source Name: Service Control Manager
Time Written: 20090419132456.000000+060
Event Type: error
User:

Computer Name: OMNILOTH
Event Code: 7034
Message: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).

Record Number: 11930
Source Name: Service Control Manager
Time Written: 20090419125054.000000+060
Event Type: error
User:

Computer Name: OMNILOTH
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00000000A666. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 11925
Source Name: Dhcp
Time Written: 20090419111404.000000+060
Event Type: warning
User:

Computer Name: OMNILOTH
Event Code: 1002
Message: The IP address lease 10.0.0.123 for the Network Card with network address 00000000A666 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 11923
Source Name: Dhcp
Time Written: 20090418164808.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: OMNILOTH
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.NetEnterpriseServers.ExceptionMessageBox, Version=9.0.242.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91


Record Number: 1114
Source Name: .NET Runtime Optimization Service
Time Written: 20080201140146.000000+000
Event Type:
User:

Computer Name: OMNILOTH
Event Code: 40
Message: WMI ADAP was unable to create the object Win32_PerfFormattedData_MSSQLSQLEXPRESS_MSSQLSQLEXPRESSBufferManager for Performance Library MSSQL$SQLEXPRESS because error 0x80041002 was returned

Record Number: 1112
Source Name: WinMgmt
Time Written: 20080201140013.000000+000
Event Type: warning
User:

Computer Name: OMNILOTH
Event Code: 40
Message: WMI ADAP was unable to create the object Win32_PerfFormattedData_MSSQLSQLEXPRESS_MSSQLSQLEXPRESSBufferManager for Performance Library MSSQL$SQLEXPRESS because error 0x80041002 was returned

Record Number: 1111
Source Name: WinMgmt
Time Written: 20080201140013.000000+000
Event Type: warning
User:

Computer Name: OMNILOTH
Event Code: 5603
Message: A provider, SQLServerEventProvider, has been registered in the WMI namespace, root\Microsoft\SqlServer\ServerEvents\SQLEXPRESS, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 803
Source Name: WinMgmt
Time Written: 20080201135714.000000+000
Event Type: warning
User: OMNILOTH\Marvin Kosh

Computer Name: OMNILOTH
Event Code: 5603
Message: A provider, SQLServerEventProvider, has been registered in the WMI namespace, root\Microsoft\SqlServer\ServerEvents\SQLEXPRESS, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 802
Source Name: WinMgmt
Time Written: 20080201135714.000000+000
Event Type: warning
User: OMNILOTH\Marvin Kosh

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0a00
"PYTHON"=C:\Program Files\Python26\python.exe
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VS80COMNTOOLS"=D:\Applications\Microsoft Visual Studio 8\Common7\Tools\
"windir"=%SystemRoot%

-----------------EOF-----------------


Current condition:

As I've mentioned, I have taken some measures to avoid further infection from my browser. I've also increased the amount of prompting that Comodo gives me when untrusted processes are accessing files, folders, and the internet. I also get prompting from Ad-Watch Live if the registry is being modified.

I've also loaded up Process Monitor to see if my processes have been doing any strange stuff. Firefox was writing to a temporary file (fla16.tmp) a lot before the first infection was found and quarantined. It's not doing that anymore.

Apart from the result from MBAM (above) I haven't run into any more malicious files.
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby tan_pang » August 19th, 2009, 12:52 pm

Hi,
Please do not attempt any self fixes as this will hinder the malware removal process.
Thank you :)

You are operating your computer with multiple anti-virus programs running in memory at once:
avast! Antivirus
AVG 8.5


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

Please remove one of them.

In the meantime, please either uninstall or disable one of these anti-malware programs, as they conflict with each other:
Ad-Aware
Windows Live OneCare safety scanner


====================================================================================

About the other files found by MBAM, it is possible that those programs are not false positives, as they may have some minor malware-related features. It is better that you remove them.
However, you can choose to reinstall them after I say this machine is All Clean.
To uninstall program:
    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    WindowBlinds 6
    LogonStudio
    Gimp 2.6.1
    GTK+ 2.6.4 runtime environment

    Any other entry that is related to Stardock

    and click on remove

====================================================================================

Please go to: VirusTotal
  • In the middle of the page you'll find a "Browse" button.
  • Next to the Browse button you’ll see a box to enter text.
  • Please copy and paste the following bold text in the text box:

    C:\WINDOWS\cfplogvw.INI
  • Then click the "Send File" button just below.
  • This will scan the file (the progress bar will show "Current status: scanning"). Please be patient.
  • Once scanned (the progress bar will display "Current status: finished"), copy and paste the results in your next reply.

====================================================================================

Please download GMER by GMER from here
  • Unzip it to a folder on your desktop
  • Double click on gmer.exe to launch GMER
  • If asked, allow the gmer.sys driver load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning then
    • Click the rootkit tab
    • Click Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerrk.txt
  • Click on the >>> tab
  • This will open up the rest of the tabs for you
  • Click on the Autostart tab
  • Click on Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerautos.txt
  • Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic

====================================================================================

Please post these in next post:
  • Virustotal report for cfplogvw.INI
  • GMER log
  • A new RSIT log right before posting
  • And your computer condition now
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am
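
An added triage helper (example code written for this page, not a tool from tan_pang or MalwareRemoval.com) that reads the GMER autostart layout requested above and flags the entries a helper usually asks about next. The log text inside it is constructed to mirror GMER's layout rather than copied from a real scan, the severity labels and folder heuristics are the example's own assumptions, and a hit means "identify this file (hash it, submit it to VirusTotal)", not that it is malicious:

```python
"""Triage helper for GMER 'Autostart scan' output (added example, not a
forum tool).  It parses the section/entry layout GMER prints and applies
a few heuristics a helper would use to decide which entries to ask about
next.  A hit is a reason to identify the file (hash it, submit it to
VirusTotal), not a verdict that it is malicious."""
import re
from typing import List, Tuple

# Constructed sample in the GMER autostart layout (not a real scan).
SAMPLE_LOG = r"""GMER 1.0.15 - autostart scan (constructed sample)

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
WBSrv@DLLName = C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = wbsys.dll ,C:\DOCUME~1\OWNER~1\LOCALS~1\Temp\35138mja.dll C:\WINDOWS\system32\guard32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ThreatFireC:\Program Files\ThreatFire\TFTray.exe = C:\Program Files\ThreatFire\TFTray.exe
@Arucerrundll32 C:\WINDOWS\system32\Arucer.dll,Arucer = rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@WindowBlindsC:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBInstall32.exe /*file not found*/ = C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBInstall32.exe /*file not found*/
"""

Finding = Tuple[str, str, str]   # (severity, location, reason)

# Folders an ordinary user can write to; a DLL loaded system-wide from one
# of these is the first thing to identify (assumed heuristic, not a verdict).
_USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\local settings\\",
                  "\\application data\\", "\\appdata\\")


def parse_autostart(text: str) -> List[Tuple[str, str, str]]:
    """Return (section, value_name, data) triples from GMER autostart text.

    Section headers end in ' >>>'.  Entries look like 'name@valuename = data';
    a line carrying a full registry path before '@' is a section-less value.
    """
    entries = []
    section = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.endswith(" >>>"):
            section = line[:-4]
            continue
        if "@" not in line or " = " not in line:
            continue
        left, value = line.split(" = ", 1)
        key, _, name = left.partition("@")
        if value and name.endswith(value):   # Run entries glue the name onto its data
            name = name[:-len(value)]
        if key.startswith(("HKLM\\", "HKCU\\", "HKU\\")):
            sec, vname = key, name            # e.g. ...\Windows@AppInit_DLLs
        else:
            sec, vname = section, (key or name)
        entries.append((sec, vname, value))
    return entries


def _under(path: str, markers) -> bool:
    p = path.lower()
    return any(m in p for m in markers)


def triage(text: str) -> List[Finding]:
    """Apply the triage heuristics and return the entries worth asking about."""
    findings: List[Finding] = []
    for section, name, value in parse_autostart(text):
        where = f"{section}\\{name}" if name else section
        if "/*file not found*/" in value:
            # GMER's own marker: the autostart points at a file that is gone.
            findings.append(("low", where, "orphaned autostart entry; target missing, safe to remove"))
            continue
        if section.endswith("\\Windows") and name == "AppInit_DLLs":
            # Every DLL listed here is injected into each process that loads user32.dll.
            for dll in re.split(r"[,\s]+", value):
                if dll and _under(dll, _USER_WRITABLE):
                    findings.append(("high", where, f"{dll} injected system-wide from a user-writable folder"))
            continue
        if "\\Winlogon\\Notify" in section and "\\" in value and not _under(value, ("\\system32\\",)):
            # Notify DLLs run inside winlogon.exe; anything outside system32 gets checked.
            findings.append(("medium", where, f"Winlogon notification DLL outside system32: {value}"))
            continue
        if value.lower().startswith("rundll32"):
            # rundll32 hides the real payload; the DLL behind it needs identifying.
            findings.append(("low", where, f"rundll32 hides what runs; identify the DLL: {value}"))
    return findings


if __name__ == "__main__":
    for sev, where, why in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {where}\n         {why}")
```

Run it as a script to print the findings for the built-in sample, or call triage() on a pasted log. The ordering of the checks matters: an orphaned entry is reported as cleanup and never promoted to a higher severity, and an AppInit_DLLs hit is reported per DLL so that a legitimate system32 entry sitting in the same value does not mask a Temp-folder one.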

Re: I have a keylogger

Unread postby sinclaire » August 19th, 2009, 8:31 pm

I posted earlier but it was eaten.

Stuff has been uninstalled. WindowBlinds had to be reinstalled and uninstalled due to the uninstaller not working.

AVG and Windows Live Onecare are currently disabled (the latter hasn't been used in months, the former I opted to disable because of the memory issue).




C:\WINDOWS\cfplogvw.INI was clean - it was shown to be a simple initialisation file. Presumably it's used by Comodo to remember the dimensions of the log viewer window.


File cfplogvw.INI received on 2009.08.19 22:20:10 (UTC)
Current status: finished
Result: 0/41 (0.00%)
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.08.19 -
AhnLab-V3 5.0.0.2 2009.08.19 -
AntiVir 7.9.1.3 2009.08.19 -
Antiy-AVL 2.0.3.7 2009.08.18 -
Authentium 5.1.2.4 2009.08.19 -
Avast 4.8.1335.0 2009.08.19 -
AVG 8.5.0.406 2009.08.19 -
BitDefender 7.2 2009.08.19 -
CAT-QuickHeal 10.00 2009.08.19 -
ClamAV 0.94.1 2009.08.19 -
Comodo 2027 2009.08.20 -
DrWeb 5.0.0.12182 2009.08.19 -
eSafe 7.0.17.0 2009.08.19 -
eTrust-Vet 31.6.6688 2009.08.19 -
F-Prot 4.4.4.56 2009.08.19 -
F-Secure 8.0.14470.0 2009.08.19 -
Fortinet 3.120.0.0 2009.08.19 -
GData 19 2009.08.19 -
Ikarus T3.1.1.68.0 2009.08.19 -
Jiangmin 11.0.800 2009.08.19 -
K7AntiVirus 7.10.822 2009.08.19 -
Kaspersky 7.0.0.125 2009.08.19 -
McAfee 5714 2009.08.19 -
McAfee+Artemis 5714 2009.08.19 -
McAfee-GW-Edition 6.8.5 2009.08.19 -
Microsoft 1.4903 2009.08.19 -
NOD32 4349 2009.08.19 -
Norman 6.01.09 2009.08.19 -
nProtect 2009.1.8.0 2009.08.19 -
Panda 10.0.0.14 2009.08.19 -
PCTools 4.4.2.0 2009.08.19 -
Prevx 3.0 2009.08.20 -
Rising 21.43.24.00 2009.08.19 -
Sophos 4.44.0 2009.08.19 -
Sunbelt 3.2.1858.2 2009.08.19 -
Symantec 1.4.4.12 2009.08.19 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.19 -
VBA32 3.12.10.9 2009.08.19 -
ViRobot 2009.8.19.1891 2009.08.19 -
VirusBuster 4.6.5.0 2009.08.19 -
Additional information
File size: 130 bytes
MD5 : 86e73d9f4c4e2d9b4bd7eb2505a24a8a
SHA1 : 352659834f038fbe30b0314aefeea2edf8646364
SHA256: 95bee9fb817e74adc936c8d8b8b0cea6d3402e57b1421529de8d0a8af7bad2a7
TrID : File type identification
Generic INI configuration (100.0%)
ssdeep: 3:sFzJKjXcykUQo5jkkkkkkkntWt111111FkkhiingWk4Vn:sFMjIUQoOYH91hHgjcn
PEiD : -
RDS : NSRL Reference Data Set
-



The GMER rootkit scan is too long to post as a reply (932KB), so I have submitted it as a zipped attachment. I hope that's okay. There was a warning about a rootkit after the scan, and an entry for Explorer.EXE was highlighted in red, if that helps.

The GMER autostart scan is as follows:




GMER 1.0.15.15077 - http://www.gmer.net
Autostart scan 2009-08-20 00:51:11
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@UIHostC:\WINDOWS\system32\logonuiX.exe = C:\WINDOWS\system32\logonuiX.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
WBSrv@DLLName = C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = wbsys.dll ,C:\DOCUME~1\MARVIN~1.OMN\LOCALS~1\Temp\35138mja.dll C:\WINDOWS\system32\guard32.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv@ = "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
ATI Smart@ = C:\WINDOWS\system32\ati2sgag.exe
avast! Antivirus@ = "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
cmdAgent@ = "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
Lavasoft Ad-Aware Service@ = "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"
ThreatFire@ = C:\Program Files\ThreatFire\TFService.exe service /*file not found*/
UMWdf@ = C:\WINDOWS\system32\wdfmgr.exe
WinTabService@ = "%SystemRoot%\System32\Drivers\WTSRV.EXE"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ScanSoft OmniPage SE 4.0-reminder"C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini" /*file not found*/ = "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini" /*file not found*/
@COMODO Internet Security"C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h = "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@WTClientWTClient.exe = WTClient.exe
@WinampAgent"C:\Program Files\Winamp\winampa.exe" = "C:\Program Files\Winamp\winampa.exe"
@ThreatFireC:\Program Files\ThreatFire\TFTray.exe = C:\Program Files\ThreatFire\TFTray.exe
@CTxfiHlpCTXFIHLP.EXE = CTXFIHLP.EXE
@Arucerrundll32 C:\WINDOWS\system32\Arucer.dll,Arucer = rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
@Ad-WatchC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe = C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AtiTrayTools"C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" = "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
@WindowBlindsC:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBInstall32.exe /*file not found*/ = C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBInstall32.exe /*file not found*/
@DAEMON Tools Lite"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
@Boinc"C:\Program Files\BOINC\boincmgr.exe" /s = "C:\Program Files\BOINC\boincmgr.exe" /s
@AlcoholAutomount"C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount = "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG8 Shell Extension*/C:\Program Files\AVG\AVG8\avgse.dll = C:\Program Files\AVG\AVG8\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG8 Find Extension*/(null) =
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{AECB9170-4C86-11D2-972E-00A024A82FF3} /*Turnpike*/D:\Turnpike\TURNPIKE.DLL = D:\Turnpike\TURNPIKE.DLL
@{B8323370-FF27-11D2-97B6-204C4F4F5020} /*SmartFTP Shell Extension DLL*/C:\Program Files\SmartFTP Client 2.0\smarthook.dll = C:\Program Files\SmartFTP Client 2.0\smarthook.dll
@{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} /*SmartFTP Drop ShellIconOverlayHandler*/C:\Program Files\SmartFTP Client\sfShellTools.dll = C:\Program Files\SmartFTP Client\sfShellTools.dll
@{40FDFA48-5F4E-4627-A78E-6A49A3D4492F} /*SmartFTP ShellDropHandler*/C:\Program Files\SmartFTP Client\sfShellTools.dll = C:\Program Files\SmartFTP Client\sfShellTools.dll
@{F87DED31-303F-4ED1-9BCE-D360FBC74E0A} /*SmartFTP ContextMenu*/C:\Program Files\SmartFTP Client\sfShellTools.dll = C:\Program Files\SmartFTP Client\sfShellTools.dll
@{39DD67E0-73B6-4a11-AF55-49E1EBBF72BE} /*SmartFTP Favorites Namespace*/C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll = C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
@{82AA9188-44E0-40B9-B956-43A10C315B4F} /*SmartFTP Shell Namespace Extension*/C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll = C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
@{2ED7FD81-CBA6-45E5-A49A-5E84889A94E2} /*SmartFTP Drop Handler*/C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll = C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
@{EB5EE1F3-041A-4c03-9D51-2BEC6715FB00} /*SmartFTP Search Shell Namespace Extension*/C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll = C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
@{2F5AC606-70CF-461C-BFE1-734234536262} /*WindowBlinds CPL Extension*/C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbui.dll /*file not found*/ = C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbui.dll /*file not found*/
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/(null) =
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/(null) =
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/(null) =
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/(null) =
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Program Files\Alwil Software\Avast4\ashShell.dll = C:\Program Files\Alwil Software\Avast4\ashShell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
AVG8 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG8\avgse.dll
FencesShellExt@{1984DD45-52CF-49cd-AB77-18F378FEA264} =
LavasoftShellExt@{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
SmartFTP@{F87DED31-303F-4ED1-9BCE-D360FBC74E0A} = C:\Program Files\SmartFTP Client\sfShellTools.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
FencesShellExt@{1984DD45-52CF-49cd-AB77-18F378FEA264} =
SmartFTP@{F87DED31-303F-4ED1-9BCE-D360FBC74E0A} = C:\Program Files\SmartFTP Client\sfShellTools.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
AVG8 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG8\avgse.dll
FencesShellExt@{1984DD45-52CF-49cd-AB77-18F378FEA264} =
LavasoftShellExt@{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{C333CF63-767F-4831-94AC-E683D962C63C}C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll = C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

---- EOF - GMER 1.0.15 ----




Finally a fresh RSIT scan.



Logfile of random's system information tool 1.06 (written by random/random)
Run by Marvin Kosh at 2009-08-20 01:24:42
Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (28%) free of 30 GB
Total RAM: 1023 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:25:01, on 20/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Applications\Mozilla Firefox\firefox.exe
J:\My Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Marvin Kosh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Arucer] rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [WindowBlinds] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBInstall32.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Boinc] "C:\Program Files\BOINC\boincmgr.exe" /s
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://*.bitedefender.co.uk
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 0555413093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0555332988
O20 - AppInit_DLLs: wbsys.dll ,C:\DOCUME~1\MARVIN~1.OMN\LOCALS~1\Temp\35138mja.dll C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 6944 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
C:\WINDOWS\tasks\Check e-mail.job
C:\WINDOWS\tasks\DefragC.job
C:\WINDOWS\tasks\DefragD.job
C:\WINDOWS\tasks\DefragE.job
C:\WINDOWS\tasks\DefragH.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}]
CoTGT_BHO Class - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-10 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-18 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-18 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanSoft OmniPage SE 4.0-reminder"=C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe -r C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini []
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-08-13 1793808]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"WTClient"=C:\WINDOWS\system32\WTClient.exe [2007-04-11 40960]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2009-06-19 259344]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"Arucer"=rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-08-16 520024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"=C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe [2007-05-22 521128]
"WindowBlinds"=C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBInstall32.exe []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"Boinc"=C:\Program Files\BOINC\boincmgr.exe [2007-07-04 3846912]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2009-04-02 203416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-23 1948440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2008-06-27 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtxfiReg]
CTXFIREG.exe /FAIL1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Email Notifier]
D:\Applications\NT Email Notifier\NTEmailNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartException]
C:\Program Files\Stardock\SmartException\SmartEx.exe [2006-11-14 87728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-18 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marvin Kosh.OMNILOTH^Start Menu^Programs^Startup^BOINC Manager.lnk]
C:\PROGRA~1\BOINC\boincmgr.exe [2007-07-04 3846912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marvin Kosh.OMNILOTH^Start Menu^Programs^Startup^ImpulseNow.lnk]
C:\PROGRA~1\Stardock\Impulse\Now\IMPULS~1.EXE [2009-08-19 464176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marvin Kosh.OMNILOTH^Start Menu^Programs^Startup^UltraMon.lnk]
C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\Microsoft\Installer\{1C94C999-15D2-4C75-9A73-BCC8A677D42E}\IcoUltraMon.ico /auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3
"JavaQuickStarterService"=2
"Ati HotKey Poller"=2
"SQLWriter"=3
"MSSQL$SQLEXPRESS"=3
"avg8wd"=2
"avg8emc"=2
"wuauserv"=2
"WebClient"=2
"VSS"=3
"UPS"=3
"TrkWks"=2
"TermService"=3
"StyleXPService"=3
"SharedAccess"=2
"SCardSvr"=3
"RDSessMgr"=3
"RasMan"=3
"RasAuto"=3
"mnmsrvc"=3
"LmHosts"=2
"lanmanserver"=2
"FastUserSwitchingCompatibility"=3
"Browser"=3
"BITS"=2
"aspnet_state"=3
"Alerter"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll ,C:\DOCUME~1\MARVIN~1.OMN\LOCALS~1\Temp\35138mja.dll C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-24 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceStartMenuLogOff"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"H:\Games\Neverwinter Nights 2\nwn2main.exe"="H:\Games\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"H:\Games\Neverwinter Nights 2\nwn2main_amdxp.exe"="H:\Games\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"H:\Games\Neverwinter Nights 2\nwupdate.exe"="H:\Games\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"H:\Games\Neverwinter Nights 2\nwn2server.exe"="H:\Games\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"H:\Games\Battle for Middle-earth II\game.dat"="H:\Games\Battle for Middle-earth II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"J:\Games\NWN 2\nwn2main.exe"="J:\Games\NWN 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"J:\Games\NWN 2\nwn2main_amdxp.exe"="J:\Games\NWN 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"J:\Games\NWN 2\nwupdate.exe"="J:\Games\NWN 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"J:\Games\NWN 2\nwn2server.exe"="J:\Games\NWN 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"D:\Applications\Ventrilo\Ventrilo.exe"="D:\Applications\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{559954fe-a061-11dc-8e02-00000000a666}]
shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{559954ff-a061-11dc-8e02-00000000a666}]
shell\AutoRun\command - J:\Autorun.exe


======List of files/folders created in the last 1 months======

2009-08-19 22:47:17 ----SHD---- C:\Config.Msi
2009-08-19 06:21:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-19 06:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-19 06:20:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-19 06:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-19 06:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-19 06:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-19 06:14:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-19 06:13:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-19 06:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-08-19 06:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-19 06:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-19 05:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-08-19 05:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-19 05:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-19 05:54:41 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-19 05:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-19 05:46:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-19 05:41:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957579$
2009-08-19 05:35:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-19 05:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-19 05:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-19 05:26:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-19 05:26:09 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-08-19 05:22:27 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-08-19 05:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-19 05:21:49 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-08-19 05:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-08-19 05:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-19 05:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB959252-v2$
2009-08-19 05:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-08-19 05:07:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-19 05:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-08-19 05:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-08-19 04:58:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-08-19 04:55:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-08-19 04:50:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-08-19 04:47:28 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2009-08-19 04:43:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-08-19 04:38:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-08-19 04:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-08-19 04:31:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-08-19 04:22:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-08-19 04:22:30 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-08-19 04:21:56 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-08-19 04:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-08-19 04:06:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-08-18 01:32:24 ----A---- C:\WINDOWS\system32\wups2.dll
2009-08-18 01:32:23 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-08-18 01:32:17 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-08-18 01:32:12 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-08-17 22:26:12 ----D---- C:\rsit
2009-08-16 10:55:38 ----HDC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-08-15 18:08:02 ----D---- C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\Malwarebytes
2009-08-15 18:07:07 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-08-15 18:06:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-15 17:05:55 ----D---- C:\WINDOWS\BDOSCAN8
2009-08-14 12:13:43 ----D---- C:\Program Files\Lavasoft
2009-08-14 12:13:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2009-08-13 16:44:22 ----D---- C:\Program Files\Process Monitor
2009-08-13 11:48:32 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-08-13 11:48:32 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-08-13 11:48:22 ----D---- C:\Program Files\Alwil Software
2009-08-13 09:12:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
2009-08-13 09:12:16 ----A---- C:\WINDOWS\system32\guard32.dll
2009-08-13 03:01:35 ----A---- C:\WINDOWS\cfplogvw.INI
2009-08-13 02:43:24 ----D---- C:\Program Files\ThreatFire
2009-08-13 02:32:56 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-08-13 02:32:42 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2009-08-13 02:00:47 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-12 23:02:23 ----D---- C:\Program Files\Trend Micro
2009-08-12 09:31:37 ----D---- C:\Program Files\DAEMON Tools Toolbar

======List of files/folders modified in the last 1 months======

2009-08-20 01:24:44 ----D---- C:\WINDOWS\Temp
2009-08-20 01:03:53 ----D---- C:\Program Files\BOINC
2009-08-20 01:02:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-20 01:01:35 ----D---- C:\Program Files\Common Files\Stardock
2009-08-20 00:59:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-19 22:54:59 ----RSD---- C:\WINDOWS\assembly
2009-08-19 22:47:19 ----SHD---- C:\WINDOWS\Installer
2009-08-19 22:40:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-19 22:40:11 ----D---- C:\WINDOWS\system32
2009-08-19 22:38:29 ----D---- C:\Program Files\GIMP-2.2
2009-08-19 22:38:25 ----D---- C:\WINDOWS\Prefetch
2009-08-19 22:38:11 ----D---- C:\Program Files\Common Files
2009-08-19 22:13:33 ----A---- C:\WINDOWS\LogonStudio.ini
2009-08-19 06:46:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-19 06:42:11 ----D---- C:\WINDOWS
2009-08-19 06:40:31 ----SH---- C:\boot.ini
2009-08-19 06:40:31 ----A---- C:\WINDOWS\win.ini
2009-08-19 06:40:31 ----A---- C:\WINDOWS\system.ini
2009-08-19 06:21:11 ----HD---- C:\WINDOWS\inf
2009-08-19 06:21:02 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-19 06:20:47 ----A---- C:\WINDOWS\imsins.BAK
2009-08-19 06:19:56 ----D---- C:\Program Files\Outlook Express
2009-08-19 06:14:59 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-19 06:09:05 ----D---- C:\WINDOWS\system32\Setup
2009-08-19 06:09:05 ----D---- C:\WINDOWS\system32\drivers
2009-08-19 05:59:35 ----D---- C:\Program Files\Internet Explorer
2009-08-19 05:27:26 ----D---- C:\WINDOWS\AppPatch
2009-08-19 05:23:37 ----D---- C:\WINDOWS\system32\wbem
2009-08-19 04:54:37 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-19 04:21:59 ----D---- C:\Program Files\Messenger
2009-08-18 01:35:06 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-18 01:32:27 ----D---- C:\WINDOWS\Help
2009-08-18 01:30:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-17 14:57:13 ----SHD---- C:\System Volume Information
2009-08-16 23:16:15 ----RD---- C:\Program Files
2009-08-16 11:09:29 ----A---- C:\WINDOWS\WININIT.INI
2009-08-16 10:59:07 ----SD---- C:\WINDOWS\Tasks
2009-08-14 15:34:22 ----D---- C:\WINDOWS\security
2009-08-14 12:18:44 ----SHD---- C:\WINDOWS\CSC
2009-08-14 12:17:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-14 12:15:34 ----HD---- C:\$AVG8.VAULT$
2009-08-13 22:11:05 ----D---- C:\Documents and Settings
2009-08-13 16:26:32 ----D---- C:\WINDOWS\system32\config
2009-08-13 09:12:09 ----D---- C:\Program Files\COMODO
2009-08-13 02:00:48 ----D---- C:\WINDOWS\Debug
2009-08-13 00:19:27 ----D---- C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\Comodo
2009-08-12 22:19:20 ----D---- C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\DAEMON Tools Lite
2009-08-12 09:31:37 ----D---- C:\Program Files\DAEMON Tools Lite
2009-08-11 23:27:59 ----A---- C:\moduleName.txt
2009-08-09 08:08:46 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-05 10:11:47 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 07:04:41 ----D---- C:\Program Files\Winamp
2009-07-29 10:23:16 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-07-29 05:53:14 ----A---- C:\WINDOWS\system32\fontsub.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-18 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-23 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-07 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-08-13 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-08-13 25160]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-24 3331072]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-07-07 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-07-07 532376]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 ctgame;Game Port; C:\WINDOWS\system32\DRIVERS\ctgame.sys [2008-07-07 18840]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-07-07 14360]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-07-07 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-07-07 92696]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2008-07-07 797720]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2008-07-07 162840]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-07-07 127512]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 XBCD;XBCD Kernel Module; C:\WINDOWS\System32\Drivers\xbcd.sys [2005-05-13 19212]
S3 a7fd7wqu;a7fd7wqu; C:\WINDOWS\system32\drivers\a7fd7wqu.sys []
S3 amvadfcs;amvadfcs; C:\WINDOWS\system32\drivers\amvadfcs.sys []
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-07-07 347080]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-07-07 189464]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys []
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2007-04-23 18432]
S3 UCharger;Usb Charger Driver; C:\WINDOWS\System32\Drivers\UCharger.sys [2007-05-15 13765]
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2007-05-31 12800]
S3 UKS11LDR;M-Audio USB Keystation Loader; C:\WINDOWS\system32\drivers\uks11ldr.sys [2008-09-20 13504]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBKT1X1;M-Audio USB Keystation; C:\WINDOWS\system32\drivers\usbkt1x1.sys [2008-09-20 22304]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-08-13 707152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-08-16 1029456]
R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2009-06-19 70928]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2007-05-31 53248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-24 581632]
S4 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-18 907032]
S4 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-23 298776]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-18 152984]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; D:\Applications\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S4 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]

-----------------EOF-----------------
Last edited by sinclaire on August 20th, 2009, 9:15 am, edited 1 time in total.
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm
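Two entries in the RSIT log above deserve a closer look before anything is deleted: the AppInit_DLLs value, which names a DLL under the user's Temp folder between two known vendor DLLs, and several drivers in the "List of drivers" section that have no display name and no date/size (the empty `[]`). The script below is an added example, not part of the thread and not RSIT's own code; the triage rules are the editor's assumptions and only flag lines for review. The sample lines are constructed to match the posted log's format. Note that the driver rule also flags TfNetMon, which belongs to ThreatFire (installed on this machine per the same log), which is exactly why flags need a human to check them.

```python
"""Triage of RSIT-style log lines: the AppInit_DLLs value and the driver list.

Added example. The heuristics are assumptions made for illustration, not RSIT
logic, and a flag means "look at this", not "this is malware".
"""
import re
from dataclasses import dataclass

# Sample input constructed to match the format of the posted RSIT log.
SAMPLE_APPINIT = r'"AppInit_DLLS"="wbsys.dll ,C:\DOCUME~1\MARVIN~1.OMN\LOCALS~1\Temp\35138mja.dll C:\WINDOWS\system32\guard32.dll"'

SAMPLE_DRIVERS = r"""
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-08-13 132040]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 a7fd7wqu;a7fd7wqu; C:\WINDOWS\system32\drivers\a7fd7wqu.sys []
S3 amvadfcs;amvadfcs; C:\WINDOWS\system32\drivers\amvadfcs.sys []
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-07-07 189464]
"""

# Windows splits AppInit_DLLs on spaces and commas, so "a.dll ,b.dll c.dll"
# is three DLLs, every one of which is loaded into every user32-linked process.
APPINIT_VALUE = re.compile(r'"AppInit_DLLS"="(.*)"', re.IGNORECASE)
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_appinit(line: str) -> list[str]:
    """Return the individual DLL entries of an RSIT AppInit_DLLs line."""
    m = APPINIT_VALUE.search(line)
    if not m:
        return []
    return [p for p in re.split(r"[ ,]+", m.group(1)) if p]


def suspicious_appinit(line: str) -> list[str]:
    """AppInit DLLs living under a Temp directory (assumed heuristic).

    Legitimate products use AppInit_DLLs too (guard32.dll is COMODO's), so the
    signal is the location, not the presence of an entry.
    """
    return [p for p in parse_appinit(line) if TEMP_DIR.search(p)]


@dataclass
class Driver:
    state: str   # R = running, S = stopped
    start: int   # 0 boot .. 4 disabled
    name: str
    desc: str
    path: str
    info: str    # "YYYY-MM-DD size", or "" when RSIT could not read the file


DRIVER_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
# Assumed heuristic: 8 lowercase alphanumerics including a digit looks generated.
RANDOM_NAME = re.compile(r"^(?=.*\d)[a-z0-9]{8}$")


def parse_drivers(text: str) -> list[Driver]:
    """Parse the 'List of drivers' block; lines in other formats are skipped."""
    out = []
    for raw in text.splitlines():
        m = DRIVER_LINE.match(raw.strip())
        if m:
            out.append(Driver(m["state"], int(m["start"]), m["name"],
                              m["desc"], m["path"], m["info"]))
    return out


def suspicious_drivers(drivers: list[Driver]) -> list[tuple[Driver, list[str]]]:
    """Flag drivers that trip at least two weak signals at once.

    A single signal is deliberately not enough: hap17v2k (a Creative audio
    driver) has a random-looking name but a readable file and a real name.
    """
    flagged = []
    for d in drivers:
        reasons = []
        if d.info == "":
            reasons.append("file not readable (no date/size)")
        if d.desc.strip() == d.name:
            reasons.append("no descriptive display name")
        if RANDOM_NAME.match(d.name):
            reasons.append("random-looking 8-char name")
        if len(reasons) >= 2:
            flagged.append((d, reasons))
    return flagged


if __name__ == "__main__":
    for dll in suspicious_appinit(SAMPLE_APPINIT):
        print("AppInit DLL in Temp:", dll)
    for drv, why in suspicious_drivers(parse_drivers(SAMPLE_DRIVERS)):
        print(f"driver {drv.name}: {drv.path} ({'; '.join(why)})")
```

Run it against the full posted log by feeding the AppInit line and the driver block to the two parsers; every hit still has to be matched against what is known to be installed (here: COMODO, avast!, ThreatFire, DAEMON Tools) before it is treated as the keylogger.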

Re: I have a keylogger

Post by sinclaire » August 19th, 2009, 8:38 pm

Comments about machine's current condition:

Everything seems okay. I've done more scans with MBAM and Ad-Aware and nothing new has shown up.

However today right after I copied that massive GMER log file the machine started to pause a lot. After I had saved the log files I restarted and it was okay. It could be that the clipboard was overloaded, I don't know. Just thought it was worth mentioning.
sinclaire
Regular Member
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Post by tan_pang » August 20th, 2009, 2:28 am

Hi, glad that your machine is better now.
But anyway, about the GMER log... sorry to say this, but can you please post it in the forum instead of uploading it as an attachment?
The forum rules disallow attachments.

If it is too long, you can split it and post it in several posts. :)
tan_pang
Regular Member
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: I have a keylogger

Post by sinclaire » August 20th, 2009, 9:45 am

This is the part that was highlighted in red.

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [196] 0x02100000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [196] 0x033C0000


Rest of the log follows:


GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-20 00:43:20
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAA7BDF68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA4D66B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xAA7BD472]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAA7BDB0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA4D6574]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xAA7BD150]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xAA7BF1F0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAA7BF4C8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xAA7BCD16]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xAA7BE14E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA4D6A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA4D614C]
SSDT spxw.sys ZwEnumerateKey [0xF746CCA4]
SSDT spxw.sys ZwEnumerateValueKey [0xF746D032]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xAA7BEE72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xAA7BD6F6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xAA7BDD50]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA4D664E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA4D608C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xAA7BD986]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA4D60F0]
SSDT spxw.sys ZwQueryKey [0xF746D10A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA4D676E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xAA7BE8AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xAA7BD26E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA4D672E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xAA7BEC0E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xAA7BF020]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA4D68AE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xAA7BD690]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xAA7BD87A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xAA7BD01A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xAA7BCEE8]

INT 0x39 ? 877DCBF8
INT 0x39 ? 877DCBF8
INT 0x3A ? 8755EBF8
INT 0x3B ? 8755EBF8
INT 0x3C ? 8755EBF8
INT 0x3E ? 877D9BF8
INT 0x3F ? 877D9BF8
sinclaire
Regular Member
Posts: 26
Joined: August 12th, 2009, 6:14 pm
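The GMER output in the post above mixes three kinds of evidence: SSDT hooks, which GMER attributes to a driver and (when it can read the file's version block) a vendor; modules GMER marks as hidden inside a process; and, in the user-code section later in the thread, inline JMP hooks that either land in a named DLL or in an address GMER cannot map to any module. Separating hooks with a vendor tag from those without is the first sorting step a helper does by hand. The script below is an added example, not part of the thread and not GMER's code; its line patterns are the editor's reading of the posted format, and the sample lines are constructed to match that format. One caveat worth carrying into any such triage: the three hooks by spxw.sys on ZwEnumerateKey, ZwEnumerateValueKey and ZwQueryKey, with "The system cannot find the file specified", are the pattern commonly reported for the SPTD driver installed with DAEMON Tools, which this machine runs, so an unattributed hook is a question, not a verdict.

```python
"""Sort GMER rootkit-scan lines into attributed and unattributed findings.

Added example. The regexes describe the posted GMER 1.0.15 text format as
read by the editor; nothing here decides what a hook belongs to.
"""
import re
from collections import defaultdict

# Constructed sample in the format of the posted GMER log.
SAMPLE_GMER = r"""
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAA7BDF68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA4D66B8]
SSDT spxw.sys ZwEnumerateKey [0xF746CCA4]
SSDT spxw.sys ZwEnumerateValueKey [0xF746D032]
SSDT spxw.sys ZwQueryKey [0xF746D10A]
? spxw.sys The system cannot find the file specified. !
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [196] 0x02100000
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00388B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD40F5A
"""

# "SSDT <module> [(description/vendor)] <ZwFunc> [0xADDR]"
SSDT_LINE = re.compile(
    r"^SSDT (?P<module>\S+)(?: \((?P<desc>[^/]*)/(?P<vendor>[^)]*)\))? "
    r"(?P<func>Zw\w+) \[(?P<addr>0x[0-9A-Fa-f]+)\]$"
)
# "? <module> The system cannot find the file specified. !"
MISSING_FILE = re.compile(r"^\? (?P<module>\S+) The system cannot find the file specified\. !$")
# "Library <path> (*** hidden *** ) @ <process> [pid] 0xBASE"
# GMER prints the path up to its first space, so "C:\Program" is incomplete as logged.
HIDDEN_LIB = re.compile(
    r"^Library (?P<path>.+?) \(\*\*\* hidden \*\*\* \) @ (?P<proc>.+?) "
    r"\[(?P<pid>\d+)\] (?P<base>0x[0-9A-Fa-f]+)$"
)
# ".text <process>[pid] <dll>!<func> ADDR N Bytes JMP DEST [<module> (desc/vendor)]"
USER_HOOK = re.compile(
    r"^\.text (?P<proc>.+?\[\d+\]) (?P<target>\S+!\S+) (?P<addr>[0-9A-F]+) "
    r"(?P<n>\d+) Bytes JMP (?P<dest>[0-9A-F]+)"
    r"(?: (?P<module>\S+) \((?P<desc>[^/]*)/(?P<vendor>[^)]*)\))?$"
)


def triage_gmer(text: str) -> tuple[dict[str, list[str]], dict[str, list[str]]]:
    """Return (findings by category, SSDT hooks grouped by hooking module).

    Categories: ssdt_unattributed (no vendor tag), module_file_missing,
    hidden_modules, user_hooks_unattributed (JMP to an unmapped address).
    """
    findings: dict[str, list[str]] = {
        "ssdt_unattributed": [], "module_file_missing": [],
        "hidden_modules": [], "user_hooks_unattributed": [],
    }
    by_module: dict[str, list[str]] = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SSDT_LINE.match(line)):
            by_module[m["module"]].append(m["func"])
            if not m["vendor"]:
                findings["ssdt_unattributed"].append(f"{m['module']} -> {m['func']}")
        elif (m := MISSING_FILE.match(line)):
            findings["module_file_missing"].append(m["module"])
        elif (m := HIDDEN_LIB.match(line)):
            findings["hidden_modules"].append(
                f"{m['path']} @ {m['proc']} [{m['pid']}] base {m['base']}")
        elif (m := USER_HOOK.match(line)) and not m["module"]:
            findings["user_hooks_unattributed"].append(
                f"{m['proc']} {m['target']} -> {m['dest']}")
    return findings, dict(by_module)


if __name__ == "__main__":
    found, grouped = triage_gmer(SAMPLE_GMER)
    for mod, funcs in grouped.items():
        print(f"{mod}: {len(funcs)} SSDT hook(s)")
    for category, items in found.items():
        for item in items:
            print(f"[{category}] {item}")
```

An unattributed user-mode JMP destination (here 5FD40F5A inside Explorer) still has to be mapped against that process's loaded-module list before it means anything; the log line alone does not say which DLL owns the address, and the hidden-module path is truncated in GMER's output, so neither should be filled in by guessing.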

Re: I have a keylogger

Post by sinclaire » August 20th, 2009, 9:46 am

---- Kernel code sections - GMER 1.0.15 ----

.text KERNEL1.EXE!_abnormal_termination + 34F 804E3020 4 Bytes CALL 58E0DAA0
? spxw.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6B4462C 5 Bytes JMP 8755E1D8
.text a41g7icm.SYS F6149386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a41g7icm.SYS F61493AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a41g7icm.SYS F61493C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a41g7icm.SYS F61493C9 1 Byte [2E]
.text a41g7icm.SYS F61493C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
.text agb7axbl.SYS F6111386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text agb7axbl.SYS F61113AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text agb7axbl.SYS F61113C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text agb7axbl.SYS F61113C9 1 Byte [30]
.text agb7axbl.SYS F61113C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00381950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00388B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003818D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00381890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003819B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00381910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00381A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00381970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003818F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00381930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003819D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00381990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003818B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00381A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00384550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00388A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 003819F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD40F5A
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00381B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00381D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 00381AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00381AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00381D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00381A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00381A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCB0F5A
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA20F5A
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00381A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00381D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 00381CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 00381D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F9F0F5A
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00381B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FE30F5A
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 00381C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00381C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FDD0F5A
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 00381B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [B6, 83] {MOV DH, 0x83}
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 00381BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00381B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00381B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 00381CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 00381CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FE00F5A
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 00381C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00381BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 00381C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 00381C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 00381BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00381D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 00381AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE60F5A
.text C:\WINDOWS\Explorer.EXE[196] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9C0F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 00381480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 00381640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 00381000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 00381250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\WINDOWS\Explorer.EXE[196] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\Explorer.EXE[196] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\WINDOWS\Explorer.EXE[196] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[196] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\WINDOWS\Explorer.EXE[196] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\WINDOWS\Explorer.EXE[196] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\Explorer.EXE[196] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\Explorer.EXE[196] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[196] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\WINDOWS\Explorer.EXE[196] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 00388700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[196] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\WINDOWS\Explorer.EXE[196] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 00381E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 00381DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 00381DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD10F5A
.text C:\WINDOWS\Explorer.EXE[196] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCE0F5A
.text C:\WINDOWS\Explorer.EXE[196] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 00381DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 00388450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 00388590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 00381E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] WININET.dll!InternetOpenUrlA 771C5A11 6 Bytes JMP 5FD70F5A
.text C:\WINDOWS\Explorer.EXE[196] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 00381E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[196] WININET.dll!InternetOpenUrlW 771D5B5A 6 Bytes JMP 5FDA0F5A
.text C:\WINDOWS\Explorer.EXE[196] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FE90F5A
.text C:\WINDOWS\Explorer.EXE[196] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FEC0F5A
.text C:\WINDOWS\Explorer.EXE[196] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FEF0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00921950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00928B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009218D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00921890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 009219B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00921910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00921A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00921970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 009218F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00921930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 009219D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00921990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009218B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00921A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!LdrLoadDll 7C915CD3 3 Bytes JMP 00924550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!LdrLoadDll + 4 7C915CD7 1 Byte [84]
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00928A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 009219F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
sinclaire
Regular Member
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby sinclaire » August 20th, 2009, 9:47 am

.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD40F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00921B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00921D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 00921AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00921AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00921D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00921A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00921A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCB0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA20F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00921A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00921D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 00921CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 00921D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F9F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00921B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FE30F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 00921C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00921C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FDD0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 00921B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [10, 84]
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 00921BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00921B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00921B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 00921CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 00921CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FE00F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 00921C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00921BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 00921C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 00921C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 00921BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00921D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 00921AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE60F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 00921480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 00921640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 00921000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 00921250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[224] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[224] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 00928700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[224] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[224] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 00928450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 00928590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 00921E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 00921DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 00921DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD10F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCE0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 00921DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 00921E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] WININET.dll!InternetOpenUrlA 771C5A11 6 Bytes JMP 5FD70F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 00921E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[224] WININET.dll!InternetOpenUrlW 771D5B5A 6 Bytes JMP 5FDA0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FE90F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FEC0F5A
.text C:\WINDOWS\system32\spoolsv.exe[224] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FEF0F5A
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003A1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003A8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003A1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003A19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 003A1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 003A1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003A18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003A1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003A19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 003A1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003A18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 003A1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003A4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003A8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 003A19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003A1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 003A1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 003A1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 003A1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003A1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003A1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003A1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 003A1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 003A1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 003A1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 003A1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ThreatFire\TFService.exe[360] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 003A1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby sinclaire » August 20th, 2009, 9:48 am

.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6B001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F80001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F77001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F7D001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F62001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F74001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F68001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5F9B001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5F98001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F7A001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] ADVAPI32.dll!CreateServiceA 77E37359 6 Bytes JMP 5F4D001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] ADVAPI32.dll!CreateServiceW 77E374F1 6 Bytes JMP 5F50001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FD4001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FD7001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FDA001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2F001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2C001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F26001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FBC001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FB9001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F29001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] WININET.dll!InternetOpenUrlA 771C5A11 6 Bytes JMP 5FC2001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[612] WININET.dll!InternetOpenUrlW 771D5B5A 6 Bytes JMP 5FC5001E
sinclaire
Regular Member
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby sinclaire » August 20th, 2009, 9:49 am

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00AA1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00AA8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AA18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AA1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00AA19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00AA1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00AA1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00AA1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00AA18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AA1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00AA19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00AA1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AA18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00AA1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00AA4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00AA8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 00AA19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AA1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00AA1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 00AA1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AA1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 018A5AF0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AA1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AA1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00AA1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00AA1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 00AA1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 00AA1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00AA1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 00AA1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00AA1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 00AA1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [28, 84]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 00AA1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00AA1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00AA1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 00AA1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 00AA1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 00AA1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00AA1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 00AA1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 00AA1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 00AA1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00AA1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 00AA1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 00AA1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 00AA1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 00AA1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 00AA1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 00AA8700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 00AA1E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 00AA1E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 00AA8450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 00AA8590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 00AA1E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 00AA1DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 00AA1DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 00AA1DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 00AA1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[624] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 00AA1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3F, 5F] {AAS ; POP EDI}
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5F9E0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB40F5A
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F690F5A
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F9B0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FD90F5A
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F410F5A
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F660F5A
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FD60F5A
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F440F5A
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FDC0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F980F5A
.text C:\WINDOWS\system32\WTClient.exe[636] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F470F5A
.text C:\WINDOWS\system32\WTClient.exe[636] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FAE0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4A0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WTClient.exe[636] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B2, 5F] {MOV DL, 0x5f}
.text C:\WINDOWS\system32\WTClient.exe[636] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FAB0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WTClient.exe[636] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [60, 5F] {PUSHA ; POP EDI}
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F7B0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F8D0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F6F0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F750F5A
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8A0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F810F5A
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F870F5A
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F6C0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F7E0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F720F5A
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FA80F5A
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA50F5A
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F840F5A
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\WTClient.exe[636] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\WTClient.exe[636] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\system32\WTClient.exe[636] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FDF0F5A
.text C:\WINDOWS\system32\WTClient.exe[636] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FE20F5A
.text C:\WINDOWS\system32\WTClient.exe[636] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FE50F5A
.text C:\Program Files\Winamp\winampa.exe[640] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003C1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[684] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[684] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[684] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[684] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[684] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[684] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[684] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD10F5A
.text C:\WINDOWS\system32\rundll32.exe[684] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCE0F5A
.text C:\WINDOWS\system32\rundll32.exe[684] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[684] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FE30F5A
.text C:\WINDOWS\system32\rundll32.exe[684] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FE60F5A
.text C:\WINDOWS\system32\rundll32.exe[684] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FE90F5A
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby sinclaire » August 20th, 2009, 9:50 am

.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD40F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCB0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA20F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F9F0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FDD0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FD70F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FDA0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE00F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9C0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F910F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F790F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F850F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F820F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F880F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD10F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCE0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FE30F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FE60F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FE90F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\winlogon.exe[772] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[772] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[772] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\winlogon.exe[772] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\winlogon.exe[772] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\winlogon.exe[772] WININET.dll!InternetOpenUrlA 771C5A11 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\winlogon.exe[772] WININET.dll!InternetOpenUrlW 771D5B5A 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\winlogon.exe[772] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 006A1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 006A8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006A18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006A1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 006A19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 006A1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 006A1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 006A1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 006A18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006A1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 006A19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 006A1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006A18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 006A1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 006A4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 006A8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 006A19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD50F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006A1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006A1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 006A1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006A1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006A1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006A1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006A1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCC0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB90F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 006A1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 006A1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 006A1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 006A1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 006A1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FE40F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 006A1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 006A1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FDE0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 006A1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!OpenFile + 3 7C821995 2 Bytes CALL 975A821D
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 006A1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 006A1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 006A1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 006A1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 006A1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FE10F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 006A1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 006A1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 006A1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 006A1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 006A1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 006A1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 006A1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE70F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F800F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F920F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F7A0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8F0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F860F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8C0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F830F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAD0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 006A1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 006A1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FAA0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F890F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 006A1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 006A1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB30F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B7, 5F] {MOV BH, 0x5f}
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FB00F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 006A8700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\WINDOWS\system32\services.exe[820] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 006A8450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 006A8590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 006A1E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 006A1DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 006A1DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD20F5A
.text C:\WINDOWS\system32\services.exe[820] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCF0F5A
.text C:\WINDOWS\system32\services.exe[820] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 006A1DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 006A1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] WININET.dll!InternetOpenUrlA 771C5A11 6 Bytes JMP 5FD80F5A
.text C:\WINDOWS\system32\services.exe[820] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 006A1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[820] WININET.dll!InternetOpenUrlW 771D5B5A 6 Bytes JMP 5FDB0F5A
.text C:\WINDOWS\system32\services.exe[820] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FEA0F5A
.text C:\WINDOWS\system32\services.exe[820] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FED0F5A
.text C:\WINDOWS\system32\services.exe[820] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FF00F5A
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 007A1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007A8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007A18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007A1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 007A19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 007A1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 007A1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 007A1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 007A18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007A1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 007A19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 007A1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007A18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 007A1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 007A4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 007A8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 007A19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD40F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007A1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007A1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 007A1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007A1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007A1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007A1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007A1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCB0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA20F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 007A1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 007A1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 007A1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 007A1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F9F0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 007A1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FE30F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 007A1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 007A1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FDD0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 007A1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [F8, 83]
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 007A1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 007A1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 007A1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 007A1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 007A1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FE00F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 007A1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 007A1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 007A1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 007A1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 007A1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007A1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 007A1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE60F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9C0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 007A1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 007A1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 007A1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 007A1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 007A8700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\WINDOWS\system32\lsass.exe[832] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 007A1E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FE90F5A
.text C:\WINDOWS\system32\lsass.exe[832] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FEC0F5A
.text C:\WINDOWS\system32\lsass.exe[832] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 007A1E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FEF0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 007A8450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 007A8590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 007A1E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 007A1DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 007A1DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD10F5A
.text C:\WINDOWS\system32\lsass.exe[832] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCE0F5A
.text C:\WINDOWS\system32\lsass.exe[832] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 007A1DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 007A1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] WININET.dll!InternetOpenUrlA 771C5A11 6 Bytes JMP 5FD70F5A
.text C:\WINDOWS\system32\lsass.exe[832] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 007A1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[832] WININET.dll!InternetOpenUrlW 771D5B5A 6 Bytes JMP 5FDA0F5A
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm