-
November 14th, 2009, 04:34 AM
#16
I hope there's a better way
.text D:\WINDOWS\system32\RunDll32.exe[1696] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RunDll32.exe[1696] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\VDOTool\TBPanel.exe[1728] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:35 AM
#17
It's so long now it's on page 2
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\RUNDLL32.EXE[1800] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:37 AM
#18
I'm just thinking of different titles to entertain myself...sorry
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1844] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1852] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 0050DCB0 D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:39 AM
#19
Seriously, it's quite a task
.text D:\WINDOWS\system32\ctfmon.exe[1860] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\ctfmon.exe[1860] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] shell32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] shell32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] shell32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] shell32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] wininet.dll!InternetConnectA 771C44DB 5 Bytes JMP 10001E30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] wininet.dll!InternetConnectW 771D5D4C 1 Byte [E9]
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1880] wininet.dll!InternetConnectW 771D5D4C 5 Bytes JMP 10001E50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 00D31950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00D38B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D318D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 00D31890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 00D319B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 00D31910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:40 AM
#20
About 2/3 through
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 00D31A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 00D31970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 00D318F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00D31930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 00D319D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 00D31990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00D318B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 00D31A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00D34550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00D38A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 00D319F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D31B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D31D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 00D31AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D31AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D31D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D31A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D31A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00D31A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00D31D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 00D31CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 00D31D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00D31B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 00D31CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 00D31CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 00D31C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00D31BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 00D31C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00D31B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 00D31B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 00D31BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00D31B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00D31C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 00D31C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 00D31C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 00D31BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00D31D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 00D31AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 00D31480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 00D31640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 00D31000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 00D31250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 00D31E90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 00D31E70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 00D38700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] WININET.dll!InternetConnectA 771C44DB 5 Bytes JMP 00D31E30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] WININET.dll!InternetConnectW 771D5D4C 1 Byte [E9]
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] WININET.dll!InternetConnectW 771D5D4C 5 Bytes JMP 00D31E50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 00D38450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 00D38590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 00D31E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 00D31DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 00D31DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Pando Networks\Media Booster\PMB.exe[1888] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 00D31DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:41 AM
#21
Are GMER logs normally this long?
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\igfxsrvc.exe[2100] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:43 AM
#22
I don't know if this log is right (too long)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2260] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2312] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:44 AM
#23
Can't wait to finish posting
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\system32\wscntfy.exe[2384] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:45 AM
#24
Oh it's almost done
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\WINDOWS\System32\alg.exe[2616] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10001950 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10008B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 100018D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10001890 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 100019B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10001910 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10001A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10001970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 100018F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10001930 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 100019D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10001990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 100018B0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10001A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10004550 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10008A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 100019F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10001A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10001D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 10001CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 10001D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10001B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10001CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10001CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10001C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10001BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10001C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10001B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10001B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10001BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10001B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10001C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10001C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10001C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10001BB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10001D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10001AB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ADVAPI32.dll!OpenServiceW 77DE6165 7 Bytes JMP 10001480 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
-
November 14th, 2009, 04:46 AM
#25
Last GMER post (at last...)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ADVAPI32.dll!OpenServiceA 77DEB88C 7 Bytes JMP 10001640 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ADVAPI32.dll!CreateServiceA 77E37071 7 Bytes JMP 10001000 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] ADVAPI32.dll!CreateServiceW 77E37209 7 Bytes JMP 10001250 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] shell32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] shell32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] shell32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Documents and Settings\LEO37\My Documents\Downloads\78h30c7f.exe[3628] shell32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F85916E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F85917B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F8591780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F8591740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F8591740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F85917B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F85916E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F8591780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F8591780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F8591740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F85917B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F85916E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F8591740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F85916E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F85917B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F8591780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F85916E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F8591740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F85917B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F8591780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F8591740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F85917B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F85916E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F8591740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F8591780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F85916E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F85917B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
---- User IAT/EAT - GMER 1.0.15 ----
IAT D:\WINDOWS\system32\services.exe[628] @ D:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005A0002
IAT D:\WINDOWS\system32\services.exe[628] @ D:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005A0000
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
-
November 14th, 2009, 04:52 AM
#26
New HJT log
Seriously, why is the GMER log that long? Maybe I did something wrong. Please check. Also, sorry if the titles are bothering you; I made them just to entertain myself. Sorry. Again, thank you very much. HJT log, my last post for today.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:50 PM, on 11/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\VDOTool\TBPanel.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Pando Networks\Media Booster\PMB.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [igfxtray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Gainward] D:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Pando Media Booster] D:\Program Files\Pando Networks\Media Booster\PMB.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4712 bytes
-
November 14th, 2009, 12:46 PM
#27
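You did well. Sometimes, GMER is that long: it prints a line for every hook it finds in every running process, and the entries in yours are mostly attributed to your own security software (COMODO's guard32.dll, cmdhlp.sys and inspect.sys; avast!'s aswMon2.SYS and aswTdi.SYS). Entries that name no module, like the two services.exe IAT lines, are the ones that need checking by hand. In the future, you can simply attach it.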
Verify your Java version here: http://www.java.com/en/download/installed.jsp
Update, if necessary.
Uninstall all previous Java versions through Add/Remove Programs (Programs & Features in Vista).
=============================================================
Disable TeaTimer, as it'll interfere with the cleaning process:
Right click Spybot's TeaTimer System Tray Icon.
Click Exit Spybot-S&D Resident.
TeaTimer closes.
NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.
================================================================
Print this post out, since you won't have access to it at some point.
1. Open HijackThis.
2. Close all windows, except for HijackThis.
3. Put checkmarks next to the following HijackThis entries:
nothing malicious to remove
4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):
- O4 - HKLM\..\Run: [igfxtray] D:\WINDOWS\system32\igfxtray.exe
- O4 - HKLM\..\Run: [igfxpers] D:\WINDOWS\system32\igfxpers.exe
- O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
- O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
- O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
5. Click on Fix checked button.
6. Restart computer.
When done....
Your computer is clean 
1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.
2. Turn off System Restore (this deletes the existing restore points, which may still hold copies of infected files):
- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
3. Restart computer.
4. Turn System Restore on.
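5. Make sure Windows Updates are current (your logs show Windows XP SP2 and Internet Explorer 6, so Service Pack 3 and a newer Internet Explorer are still to be installed).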
6. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!
7. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
8. Run defrag at your convenience.
9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
10. Please, let me know, how is your computer doing.
-
November 16th, 2009, 10:16 PM
#28
Subarashi
Maybe what happened to spybot was a routine scan. Thank you very much for the help. Keep up the good work helping people. This is my latest HJT log. Just making sure there aren't any problems.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:53 AM, on 11/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\VDOTool\TBPanel.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Mozilla Firefox\firefox.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [igfxhkcmd] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Gainward] D:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - D:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4983 bytes
-
November 16th, 2009, 10:17 PM
#29
You're welcome