Hello, here is the GMER log:
GMER 1.0.15.15641 -
http://www.gmer.net
Rootkit scan 2012-02-10 20:33:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1234GSX rev.AH001A
Running: k9it3vi3.exe; Driver: C:\DOCUME~1\Toshiba\LOCALS~1\Temp\pxxdqkob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB3732FC4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB5FBC7DE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB3797510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB37566A9]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB5FBBD8A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB3735456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB37354AE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB5FBC444]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB37355C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB375605D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB37353AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB37354FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB3735400]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB5FBEF64]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB5FBB776]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB3735572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB3732FE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB3756D6F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB3757025]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB3735848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB3756BDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB3756A45]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB37975C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB3732DB2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB5FBC052]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB373300C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB37359BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB3733AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB3735486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB37354D6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB5FBC620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB37355EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB37563B9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB37353D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB3735680]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB373553E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB373542E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB3735764]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB373559C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB3797658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB37568C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB5FBE0A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB373396A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB3756712]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB379F9E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB37556D0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB3733030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB3733054]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB5FBCE30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB3732E0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB3732F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB3756E76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB3732F24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB3732F6C]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB5CD0640]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB5FBB97A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB3733078]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB37AB7A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 102 804E495C 16 Bytes [56, 54, 73, B3, AE, 54, 73, ...]
.text ntoskrnl.exe!ZwYieldExecution + 13E 804E4998 20 Bytes [FE, 54, 73, B3, 00, 54, 73, ...]
.text ntoskrnl.exe!ZwYieldExecution + 16A 804E49C4 4 Bytes CALL 8501BCF8
.text ntoskrnl.exe!ZwYieldExecution + 23E 804E4A98 16 Bytes [86, 54, 73, B3, D6, 54, 73, ...] {XCHG [EBX+ESI*2-0x4d], DL; SALC ; PUSH ESP; JAE 0xffffffffffffffbb; AND DH, AL; STI ; MOV CH, 0xee; PUSH EBP; JAE 0xffffffffffffffc3}
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP B37AA15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 805766FB 4 Bytes CALL B373400F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9EC 7 Bytes JMP B37AB7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805AD1E0 5 Bytes JMP B37A869C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8D97380, 0x21641D, 0xE8000020]
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB86B9EBF]
.text win32k.sys!EngSetLastError + 79A8 BF8242D4 5 Bytes JMP B3735B9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85198B 5 Bytes JMP B3735AD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E514 5 Bytes JMP B3735DE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E59F 5 Bytes JMP B3735FBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F812 5 Bytes JMP B3735ABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873F30 5 Bytes JMP B3735F76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBA0 5 Bytes JMP B3735C0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9F7 BF8C2130 5 Bytes JMP B3735CA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA592 5 Bytes JMP B3735D14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA812 5 Bytes JMP B3735D4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC297 5 Bytes JMP B37359F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF91348A 5 Bytes JMP B3735B56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF91405E 5 Bytes JMP B3735C6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF9169D7 5 Bytes JMP B37360D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 0089D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [F8, 83]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 008ABB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 008AB860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 008A7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0089D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008A4F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008A5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 008A3A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 008A4390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003C0804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003C0600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] USER32.dll!UnhookWinEvent 7E3B18AC 3 Bytes JMP 003C03FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] USER32.dll!UnhookWinEvent + 4 7E3B18B0 1 Byte [82]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 008A8BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 008A8990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 008A9CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 008A9BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[280] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[280] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\Explorer.EXE[280] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[280] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[280] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[280] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[280] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[280] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[280] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[280] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[280] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[280] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[280] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[280] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[280] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[280] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[280] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 0098D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [07, 84]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 0099BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 0099B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00997DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0098D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00994F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00995AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 00993A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 00994390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00451014
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00450804
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00450A08
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00450C0C
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00450E10
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 004501F8
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 004503FC
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00450600
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00460804
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00460A08
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00460600
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 004601F8
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 004603FC
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 00998BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 00998990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00999CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 00999BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)