-
November 13th, 2009, 09:12 PM
#1
Please Check
Spybot scanned before Windows startup. I really don't know if it has that capability nowadays, so I'm not sure if it's a routine check. I also don't know if this PC is infected, since it found no problem at all. Please check this log file to see if something is wrong. Thank you very much.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:24 AM, on 11/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\VDOTool\TBPanel.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Pando Networks\Media Booster\PMB.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [igfxtray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Gainward] D:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Pando Media Booster] D:\Program Files\Pando Networks\Media Booster\PMB.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4517 bytes
-
November 13th, 2009, 10:48 PM
#2
Print these instructions out.
NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.
***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***
STEP 1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.
PHYSICALLY DISCONNECT FROM THE INTERNET
Restart the computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode. You'll see "Safe Mode" in all four corners of your screen.
* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
RECONNECT TO THE INTERNET
RESTART COMPUTER!
STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)
******************************************************************************************
Due to a bug in Malwarebytes, you may see the following entries in MBAM's log:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi (Rootkit)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi (Rootkit)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi (Rootkit)
DO NOT remove those entries!
If you do, your computer will become UN-bootable.
The issue has been fixed in the latest MBAM update, so it's EXTREMELY important that you update MBAM before you run it.
****************************************************************************************
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
When the scan is completed, click the Save button and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log to your next reply.
RESTART COMPUTER
STEP 4.
Post fresh HijackThis log.
NOTE. If you're using Vista, right-click on HijackThis and click Run as Administrator.
Do NOT attempt to "fix" anything!
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
November 14th, 2009, 04:01 AM
#3
No problems found
I've scanned it using superantispyware & malwarebytes. No problem was found. I'll post the logs below. Thank you very much.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/14/2009 at 02:54 PM
Application Version : 4.29.1004
Core Rules Database Version : 4271
Trace Rules Database Version: 2154
Scan type : Complete Scan
Total Scan Time : 01:12:58
Memory items scanned : 228
Memory threats detected : 0
Registry items scanned : 4273
Registry threats detected : 0
File items scanned : 30168
File threats detected : 0
Malwarebytes' Anti-Malware 1.41
Database version: 3168
Windows 5.1.2600 Service Pack 2
11/14/2009 3:33:15 PM
mbam-log-2009-11-14 (15-33-15).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 128058
Time elapsed: 23 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
November 14th, 2009, 04:15 AM
#4
gmer log too long
GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-14 16:11:30
Windows 5.1.2600 Service Pack 2
Running: 78h30c7f.exe; Driver: D:\DOCUME~1\LEO37\LOCALS~1\Temp\ffriaaow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xEE2E3D46]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE0A76B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xEE2E3250]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xEE2E38EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEE0A7574]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xEE2E3132]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xEE2E5254]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xEE2E552C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xEE2E2CF8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xEE2E3F2C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEE0A7A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE0A714C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xEE2E4ED6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xEE2E34D4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xEE2E3B2E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEE0A764E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE0A708C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xEE2E3764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE0A70F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE0A776E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xEE2E4688]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xEE2E49F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE0A772E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xEE2E4C72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xEE2E5084]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEE0A78AE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xEE2E346E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xEE2E3658]
SSDT \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEE1640B0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xEE2E2ECA]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 113 804E4FD4 4 Bytes JMP 3EEE2E38
---- User code sections - GMER 1.0.15 ----
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:18 AM
#5
more gmer log
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\spoolsv.exe[448] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:19 AM
#6
Yet more GMER log
.text D:\WINDOWS\system32\services.exe[628] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\services.exe[628] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\lsass.exe[640] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:21 AM
#7
And another one
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[812] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:23 AM
#8
I don't know how many I'll be posting
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[856] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[924] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 0040FB50 D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:25 AM
#9
I hope you won't get dizzy
-
November 14th, 2009, 04:26 AM
#10
sigh...
-
November 14th, 2009, 04:27 AM
#11
I wonder when this will end
.text D:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1284] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1284] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1284] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1284] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1284] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1284] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1284] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:28 AM
#12
now it's almost 1/3
.text D:\WINDOWS\system32\nvsvc32.exe[1380] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\svchost.exe[1392] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:30 AM
#13
I can't think of any more titles
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1488] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:31 AM
#14
Are we there yet?
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] WININET.dll!InternetConnectA 771C44DB 5 Bytes JMP 10001E30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\Explorer.EXE[1496] WININET.dll!InternetConnectW 771D5D4C 1 Byte [E9]
.text D:\WINDOWS\Explorer.EXE[1496] WININET.dll!InternetConnectW 771D5D4C 5 Bytes JMP 10001E50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:32 AM
#15
Now it's more than half
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashServ.exe[1580] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)