[A] Major probs. Do I need to blow it out?

By Mike Shears
Jan 22, 2013
  1. Scrubbing a machine.

    IE seems to have disappeared. Quick Launch shows a generic white and green launcher for it.
    When you try to launch IE, you get an error mssg: Windows can not access the specified device, path or file. You may not have the appropriate permissions to access the item.

    Ran Malwarebytes with no result.
    SUPERAntiSpyware seemed to run way too quick. ESET Online scan found two trojans. Some sort of regreviv.
    I reinstalled IE with no luck. It does not show up anywhere.
    Twice I've received the mssg recycle bin is corrupt.
    A number of times when I open something, I get the hourglass for some time. I have had to rude reboot in order to get it to stop.

    Currently running TrojanHunter which has found
    Found malware file: C:\Program Files\EPSON\PrinterDriverTemp\SPR260\cfw_installer.exe (VB.12714)
    and
    Found malware file: C:\Users\XXXXXX\Downloads\cfw_installer.exe (VB.12714)
    Looks like CFW is Comodo Firewall (False Positive?)

    These are still there. Trojan Hunter wanted $39.95 to fix and these look like false positives.
    Also tried running Combo Fix to post logs. CB kept stalling even though Firewall and AV were shut off and no one was using the machine. At one point, it blacked out the screen and would not come back till I tapped the power button. Internet connectivity dropped considerably during this time. Cycling the equipment brought it back. This may be incidental.
    HJT log

    [HJT log removed by Broni]
  2. Mike Shears

    Mike Shears Newcomer, in training Topic Starter Posts: 32

    GMER log results

    Attached Files:

  3. Mike Shears

    DDS Logs

    Attached Files:

    • DDS.txt (file size: 23.7 KB)
  4. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  5. Mike Shears

    Thanks for your quick response! I will get the MB quick scan log tonight and post it.

    Thanks again
  6. Broni

  7. Mike Shears

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.24.10

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Puffin :: JEANNE-PC [administrator]

    1/25/2013 6:18:04 PM
    mbam-log-2013-01-25 (18-18-04).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211782
    Time elapsed: 4 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  8. Mike Shears

    Is something you need missing?
  9. Broni

    Hmmm...

  10. Mike Shears

    GMER part 1
    GMER Log

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-14 21:30:21
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\0000004f WDC_WD50 rev.15.0 465.76GB
    Running: gmer3p.exe; Driver: C:\Users\Puffin\AppData\Local\Temp\pwdiqpog.sys


    ---- System - GMER 2.0 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x922244BA]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x922D2F26]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x92912C22]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x922D3112]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x92224ED6]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x922D2286]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9222FFA8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9222FFF4]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x922D2B8C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x92230176]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9222FF16]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x92912FA6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9222FF5E]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x922D3C8A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x922D1C72]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x92230130]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x9222593E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x92224508]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x92912CEA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x929113EC]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x922D254E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x92224556]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x92229534]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x922263A6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9222FFD2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x92230016]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x922D2D68]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9223019A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9222FF3C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x922D27E8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9222FF86]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x92230154]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x92912E4A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x92226272]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x92225DD4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x922245A4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x922245F2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x922257BE]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x922D39A8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x922243AA]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x922D24B8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x92225AF8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x92225C54]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x922D26D4]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x9288B640]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x922D1E76]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x9291141C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x92224640]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x92912D96]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x922D3340]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9292BE56]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
  11. Mike Shears

    GMER Part 2
    ---- Kernel code sections - GMER 2.0 ----

    .text ntkrnlpa.exe!KeSetEvent + 10D 826E87D0 4 Bytes [BA, 44, 22, 92]
    .text ntkrnlpa.exe!KeSetEvent + 119 826E87DC 4 Bytes [26, 2F, 2D, 92]
    .text ntkrnlpa.exe!KeSetEvent + 131 826E87F4 4 Bytes [22, 2C, 91, 92] {AND CH, [ECX+EDX*4]; XCHG EDX, EAX}
    .text ntkrnlpa.exe!KeSetEvent + 13D 826E8800 4 Bytes [12, 31, 2D, 92]
    .text ntkrnlpa.exe!KeSetEvent + 191 826E8854 4 Bytes [D6, 4E, 22, 92]
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82813633 5 Bytes JMP 92928CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 8286C593 5 Bytes JMP 9292A810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82875EB8 4 Bytes CALL 92226A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82879B2C 4 Bytes CALL 92226AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 828CDE8C 7 Bytes JMP 9292BE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F00B340, 0x413097, 0xE8000020]
    .text ntdll.dll!LdrLoadDll 77A89378 5 Bytes [E9, 73, EA, 59, 98] {JMP 0x9859ea78}
    .text ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes [E9, 1B, 1B, 58, 98] {JMP 0x98581b20}
    .text ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes [E9, 37, 74, 56, 98] {JMP 0x9856743c}
    .text ntdll.dll!NtClose 77AC4184 5 Bytes [E9, F7, 8E, 55, 98] {JMP 0x98558efc}

    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!LdrGetProcedureAddress 77AA56E0 2 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!LdrGetProcedureAddress + 3 77AA56E3 2 Bytes [58, 98] {POP EAX; CWDE }
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtAllocateVirtualMemory 77AC3FA4 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtCreateFile 77AC4244 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtCreateFile + 6 77AC424A 4 Bytes [28, F0, 7C, 00] {SUB AL, DH; JL 0x4}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtCreateFile + B 77AC424F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtCreateProcess 77AC4304 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
     
  12. Mike Shears

    Part 3


    C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtCreateProcessEx 77AC4314 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtDeleteFile 77AC4624 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtFreeVirtualMemory 77AC47B4 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtLoadDriver 77AC48D4 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtMapViewOfSection + 6 77AC499A 4 Bytes [28, F3, 7C, 00] {SUB BL, DH; JL 0x4}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtMapViewOfSection + B 77AC499F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenFile 77AC4A24 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenFile + 6 77AC4A2A 4 Bytes [68, F0, 7C, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenFile + B 77AC4A2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenProcess + 6 77AC4AAA 4 Bytes [A8, F1, 7C, 00] {TEST AL, 0xf1; JL 0x4}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenProcess + B 77AC4AAF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenProcessToken + B 77AC4ABF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenProcessTokenEx + 6 77AC4ACA 4 Bytes [A8, F2, 7C, 00] {TEST AL, 0xf2; JL 0x4}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenProcessTokenEx + B 77AC4ACF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenThread + 6 77AC4B1A 4 Bytes [68, F1, 7C, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenThread + B 77AC4B1F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenThreadToken + 6 77AC4B2A 4 Bytes [68, F2, 7C, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenThreadToken + B 77AC4B2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenThreadTokenEx + B 77AC4B3F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtProtectVirtualMemory 77AC4BA4 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtQueryAttributesFile + 6 77AC4BCA 4 Bytes [A8, F0, 7C, 00] {TEST AL, 0xf0; JL 0x4}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtQueryAttributesFile + B 77AC4BCF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtQueryFullAttributesFile + B 77AC4C7F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtSetInformationFile + 6 77AC515A 4 Bytes [28, F1, 7C, 00] {SUB CL, DH; JL 0x4}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtSetInformationFile + B 77AC515F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtSetInformationProcess 77AC5194 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtSetInformationThread + 6 77AC51AA 4 Bytes [28, F2, 7C, 00] {SUB DL, DH; JL 0x4}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtSetInformationThread + B 77AC51AF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtUnloadDriver 77AC53E4 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtUnmapViewOfSection + 6 77AC544A 4 Bytes [68, F3, 7C, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtUnmapViewOfSection + B 77AC544F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtWriteVirtualMemory 77AC54E4 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!KiUserExceptionDispatcher 77AC5C28 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ntdll.dll!RtlAllocateHeap 77AC6400 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!VirtualProtect 76121DC3 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!OpenFile 7612355A 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!MoveFileW 7612A2F2 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!CopyFileExW 76130211 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!CopyFileW 76130299 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!DeleteFileW 7613F53E 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!DeleteFileA 7613F65A 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!MoveFileWithProgressW 7614112C 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!MoveFileExW 76141150 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!LoadLibraryExW 7614926C 7 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!LoadLibraryW 761493F0 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!LoadLibraryExA 76149544 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!LoadLibraryA 7614956C 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!GetProcAddress 7616921B 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!GetModuleHandleA 76169485 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!GetModuleHandleW 7616AA04 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!CreateFileW 7616B0CB 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!CreateFileA 7616D05F 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!MoveFileExA 7617110A 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!MoveFileWithProgressA 7617112A 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!CopyFileA 76172633 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!MoveFileA 761AF8A1 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!CopyFileExA 761B1C59 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!WinExec 761B614F 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] KERNEL32.dll!LoadModule 761B62A7 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00820600
  13. Mike Shears

    Part 4


    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00820804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00820A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 008201F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 008203FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 008303FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00830600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00831014
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00830804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00830A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00830C0C
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00830E10
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 008301F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] SHELL32.dll!ShellExecuteW 76779725 3 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] SHELL32.dll!ShellExecuteW + 4 76779729 1 Byte [99]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] SHELL32.dll!ShellExecuteExW 767CC15D 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[244] SHELL32.dll!ShellExecuteEx 7697A432 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
  14. Mike Shears

    Mike Shears Newcomer, in training Topic Starter Posts: 32

    Part 5

  15. Mike Shears

    Mike Shears Newcomer, in training Topic Starter Posts: 32

    Part 6

  16. Mike Shears

    Mike Shears Newcomer, in training Topic Starter Posts: 32

    Part 7

    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtSetInformationFile + 6 77AC515A 4 Bytes [28, DD, 27, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtSetInformationFile + B 77AC515F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtSetInformationProcess 77AC5194 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtSetInformationThread + 6 77AC51AA 4 Bytes [28, DE, 27, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtSetInformationThread + B 77AC51AF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtUnloadDriver 77AC53E4 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtUnmapViewOfSection + 6 77AC544A 4 Bytes [68, DF, 27, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtUnmapViewOfSection + B 77AC544F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtWriteVirtualMemory 77AC54E4 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!KiUserExceptionDispatcher 77AC5C28 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!RtlAllocateHeap 77AC6400 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!VirtualProtect 76121DC3 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!OpenFile 7612355A 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!MoveFileW 7612A2F2 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!CopyFileExW 76130211 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!CopyFileW 76130299 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!DeleteFileW 7613F53E 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!DeleteFileA 7613F65A 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!MoveFileWithProgressW 7614112C 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!MoveFileExW 76141150 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!LoadLibraryExW 7614926C 7 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!LoadLibraryW 761493F0 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!LoadLibraryExA 76149544 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!LoadLibraryA 7614956C 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!GetProcAddress 7616921B 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!GetModuleHandleA 76169485 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!GetModuleHandleW 7616AA04 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!CreateFileW 7616B0CB 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!CreateFileA 7616D05F 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!MoveFileExA 7617110A 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!MoveFileWithProgressA 7617112A 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!CopyFileA 76172633 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!MoveFileA 761AF8A1 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!CopyFileExA 761B1C59 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!WinExec 761B614F 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] KERNEL32.dll!LoadModule 761B62A7 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00320600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00320804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00320A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 003201F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 003203FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 003303FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00330600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00331014
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00330804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00330A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00330C0C
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00330E10
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 003301F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] SHELL32.dll!ShellExecuteW 76779725 3 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] SHELL32.dll!ShellExecuteW + 4 76779729 1 Byte [99]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] SHELL32.dll!ShellExecuteExW 767CC15D 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] SHELL32.dll!ShellExecuteEx 7697A432 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] SHELL32.dll!ShellExecuteA 7697A4CD 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1452] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1452] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1452] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1452] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1452] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1452] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1452] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1452] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00070600
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00070804
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00070A08
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000701F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000703FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000803FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00080600
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00081014
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00080804
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00080A08
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00080C0C
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00080E10
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] ADVAPI32.dll!CreateServiceA 762F72A1 3 Bytes JMP 000801F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1460] ADVAPI32.dll!CreateServiceA + 4 762F72A5 1 Byte [89]
    .text C:\Windows\system32\rundll32.exe[1508] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\rundll32.exe[1508] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\rundll32.exe[1508] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\rundll32.exe[1508] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\rundll32.exe[1508] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\rundll32.exe[1508] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\rundll32.exe[1508] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Windows\system32\rundll32.exe[1508] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\rundll32.exe[1508] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\rundll32.exe[1508] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\rundll32.exe[1508] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\rundll32.exe[1508] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\rundll32.exe[1508] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000903FC
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00090600
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00091014
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00090804
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00090A08
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00090C0C
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00090E10
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000901F8
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] kernel32.dll!SetUnhandledExceptionFilter 7614A8B5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[1864] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[1864] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[1864] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[1864] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[1864] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[1864] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[1864] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[1864] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[1864] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[1864] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[1864] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
  17. Mike Shears

    Mike Shears Newcomer, in training Topic Starter Posts: 32

    Part 8

    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000903FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00090600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00091014
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00090804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00090A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00090C0C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00090E10
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2196] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000901F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00090600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00090804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00090A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000901F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000903FC
    .text C:\Windows\system32\svchost.exe[2252] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2252] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2252] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2252] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2252] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[2252] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
    .text C:\Windows\system32\svchost.exe[2252] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\svchost.exe[2252] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\svchost.exe[2252] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\svchost.exe[2252] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\svchost.exe[2252] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2252] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2252] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2252] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2268] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2268] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2268] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[2268] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
    .text C:\Windows\system32\svchost.exe[2268] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\svchost.exe[2268] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\svchost.exe[2268] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\svchost.exe[2268] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\svchost.exe[2268] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2268] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2268] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[2268] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2312] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2312] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2312] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2312] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2312] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2312] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2312] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[2312] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
    .text C:\Windows\System32\svchost.exe[2312] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
    .text C:\Windows\System32\svchost.exe[2312] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
    .text C:\Windows\System32\svchost.exe[2312] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
    .text C:\Windows\System32\svchost.exe[2312] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
    .text C:\Windows\System32\svchost.exe[2312] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2312] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2312] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2312] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[2392] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[2392] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[2392] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[2392] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[2392] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[2392] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[2392] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\SearchIndexer.exe[2392] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
    .text C:\Windows\system32\SearchIndexer.exe[2392] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\SearchIndexer.exe[2392] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\SearchIndexer.exe[2392] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\SearchIndexer.exe[2392] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\SearchIndexer.exe[2392] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[2392] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[2392] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[2392] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00170600
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00170804
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00170A08
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 001701F8
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 001703FC
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 002803FC
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00280600
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00281014
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00280804
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00280A08
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00280C0C
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00280E10
    .text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 002801F8
    .text C:\Windows\system32\Dwm.exe[2700] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[2700] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[2700] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[2700] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[2700] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[2700] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[2700] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\Dwm.exe[2700] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[2700] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[2700] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[2700] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[2700] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
  18. Mike Shears

    Mike Shears Newcomer, in training Topic Starter Posts: 32

    Part 9
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtProtectVirtualMemory 77AC4BA4 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtQueryAttributesFile + 6 77AC4BCA 4 Bytes [A8, 34, 23, 00] {TEST AL, 0x34; AND EAX, [EAX]}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtQueryAttributesFile + B 77AC4BCF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtQueryFullAttributesFile + B 77AC4C7F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtSetInformationFile + 6 77AC515A 4 Bytes [28, 35, 23, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtSetInformationFile + B 77AC515F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtSetInformationProcess 77AC5194 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtSetInformationThread + 6 77AC51AA 4 Bytes [28, 36, 23, 00] {SUB [ESI], DH; AND EAX, [EAX]}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtSetInformationThread + B 77AC51AF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtUnloadDriver 77AC53E4 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtUnmapViewOfSection + 6 77AC544A 4 Bytes [68, 37, 23, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtUnmapViewOfSection + B 77AC544F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtWriteVirtualMemory 77AC54E4 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!KiUserExceptionDispatcher 77AC5C28 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!RtlAllocateHeap 77AC6400 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!VirtualProtect 76121DC3 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!OpenFile 7612355A 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!MoveFileW 7612A2F2 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CopyFileExW 76130211 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CopyFileW 76130299 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!DeleteFileW 7613F53E 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!DeleteFileA 7613F65A 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!MoveFileWithProgressW 7614112C 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!MoveFileExW 76141150 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!LoadLibraryExW 7614926C 7 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!LoadLibraryW 761493F0 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!LoadLibraryExA 76149544 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!LoadLibraryA 7614956C 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!GetProcAddress 7616921B 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!GetModuleHandleA 76169485 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!GetModuleHandleW 7616AA04 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CreateFileW 7616B0CB 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CreateFileA 7616D05F 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!MoveFileExA 7617110A 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!MoveFileWithProgressA 7617112A 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CopyFileA 76172633 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!MoveFileA 761AF8A1 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CopyFileExA 761B1C59 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!WinExec 761B614F 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!LoadModule 761B62A7 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00290600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00290804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00290A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 002901F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 002903FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 002A03FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 002A0600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 002A1014
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 002A0804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 002A0A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 002A0C0C
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 002A0E10
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 002A01F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] SHELL32.dll!ShellExecuteW 76779725 3 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] SHELL32.dll!ShellExecuteW + 4 76779729 1 Byte [99]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] SHELL32.dll!ShellExecuteExW 767CC15D 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] SHELL32.dll!ShellExecuteEx 7697A432 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] SHELL32.dll!ShellExecuteA 7697A4CD 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00070600
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00070804
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00070A08
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000701F8
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000703FC
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000803FC
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00080600
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00081014
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00080804
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00080A08
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00080C0C
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00080E10
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!CreateServiceA 762F72A1 3 Bytes JMP 000801F8
    .text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!CreateServiceA + 4 762F72A5 1 Byte [89]
    .text C:\Windows\system32\taskeng.exe[3416] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\taskeng.exe[3416] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\taskeng.exe[3416] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\taskeng.exe[3416] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\taskeng.exe[3416] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\taskeng.exe[3416] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\taskeng.exe[3416] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\taskeng.exe[3416] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 000C0600
    .text C:\Windows\system32\taskeng.exe[3416] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 000C0804
    .text C:\Windows\system32\taskeng.exe[3416] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\taskeng.exe[3416] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\taskeng.exe[3416] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000C03FC
    .text C:\Windows\system32\taskeng.exe[3416] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\taskeng.exe[3416] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\taskeng.exe[3416] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\taskeng.exe[3416] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!LdrGetProcedureAddress 77AA56E0 2 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)


    ---- EOF - GMER 2.0 ----
     
  19. Mike Shears

    Mike Shears Newcomer, in training Topic Starter Posts: 32

    Remaining logs to follow.
  20. Mike Shears

    Mike Shears Newcomer, in training Topic Starter Posts: 32

    DDS txt

    dds.txt
    ===================================================================
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer:
    Run by Puffin at 20:59:31 on 2013-01-14
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1514 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\TrojanHunter 5.5\THGuard.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Jeanne\Desktop\gmer3p.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\WmiPrvSE.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\WmiPrvSE.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Ghostery Add-On: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObject.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adblock Pro: {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - c:\program files\adblock pro\AdblockPro.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [THGuard] "c:\program files\trojanhunter 5.5\THGuard.exe"
    mRunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{184906ff-ed62-4ee5-bd9c-fd55a3fb7b2d}
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: LocalAccountTokenFilterPolicy = dword:1
    IE: &Block This Image (ABP) - c:\program files\adblock pro\blockimg.html
    IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObject.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - c:\program files\adblock pro\AdblockPro.dll
    DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{CCC8242C-EF87-480D-BD77-B9EF4CA8572B} : DHCPNameServer = 192.168.0.1
    Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - c:\program files\ghosteryieplugin\GhosteryMimeFilter.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    AppInit_DLLs= c:\windows\system32\guard32.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-28 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-28 361032]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 491816]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 38616]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-28 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-6-28 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-6 44808]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-7-8 21504]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-9 398184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-8 682344]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-8 21104]
    R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
    R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
    .
    =============== Created Last 30 ================
    .
    2013-01-15 01:28:30 -------- d-----w- c:\users\puffin\appdata\roaming\TrojanHunter
    2013-01-14 21:30:14 -------- d-----w- c:\program files\VS Revo Group
    2013-01-14 20:25:01 -------- d-----w- c:\windows\system32\wbem\repository
    2013-01-14 20:11:17 -------- d-----w- c:\programdata\TrojanHunter
    2013-01-14 20:11:16 -------- d-----w- c:\program files\TrojanHunter 5.5
    2013-01-14 02:04:39 -------- d--h--w- c:\windows\msdownld.tmp
    2013-01-13 06:10:05 53248 ----a-w- c:\windows\system32\zlib.dll
    2013-01-13 06:03:23 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{755027a8-c5ca-4981-ad68-6c2c1825ddbe}\mpengine.dll
    2013-01-13 05:52:55 131344 ----a-w- c:\windows\system32\drivers\tmrkb.sys
    2013-01-13 05:52:25 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2013-01-12 20:29:36 -------- d-----w- C:\bd_logs
    2013-01-10 02:54:07 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-10 02:54:06 1400832 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 23:22:27 -------- d-----w- c:\users\puffin\appdata\roaming\SUPERAntiSpyware.com
    2012-12-26 02:24:36 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-26 02:24:35 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 01:29:54 652296 ----a-w- c:\programdata\microsoft\ehome\packages\sportstemplate\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
    2012-12-21 01:29:33 644368 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
    2012-12-21 01:29:17 416128 ----a-w- c:\programdata\microsoft\ehome\packages\nettv\browse\NetTVResources.dll
    .
    ==================== Find3M ====================
    .
    2013-01-10 20:54:14 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-10 20:54:14 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-13 01:36:35 2048000 ----a-w- c:\windows\system32\win32k.sys
    2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 23:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
    .
    ============= FINISH: 21:00:32.77 ===============
  21. Mike Shears

    Mike Shears Newcomer, in training Topic Starter Posts: 32

    DDS Attach

    Attach
    =====================================================================
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/28/2012 9:27:39 PM
    System Uptime: 1/14/2013 6:57:55 PM (3 hours ago)
    .
    Motherboard: Dell Inc | | 0UW457
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2000/1000mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 366.272 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 223 GiB total, 158.818 GiB free.
    F: is FIXED (NTFS) - 10 GiB total, 4.44 GiB free.
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Adblock Pro 3.6
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    att.net Internet Mail
    avast! Free Antivirus
    Canon MP Navigator EX 2.0
    CCleaner
    COMODO Internet Security
    Dell Resource CD
    EPSON Printer Software
    Ghostery IE Plugin
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Logitech Communications Manager
    Malwarebytes Anti-Malware version 1.70.0.1100
    McAfee Security Scan Plus
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    NVIDIA Drivers
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    SUPERAntiSpyware
    TrojanHunter 5.5
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    VLC media player 2.0.2
    .
    ==== End Of File ===========================
  22. Mike Shears

    Mike Shears Newcomer, in training Topic Starter Posts: 32

    Alright. Everything should be as you requested.
  23. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =========================

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  24. Mike Shears

    Mike Shears Newcomer, in training Topic Starter Posts: 32

    I tried running RogueKiller. Comodo FW said it is known malware.
    Similarly, I ran MBAR with nothing found. I will get the MBAR logs for you tonight. Is there an alternative to Rogue?
  25. Mike Shears

    Mike Shears Newcomer, in training Topic Starter Posts: 32

    Attempting to download Rogue, I get the following popup in IE SmartScreen: RogueKiller.exe is not commonly downloaded and could harm your computer. It gives me the options to Delete, Actions and View downloads. I select Actions and it gives me the options to delete and don't run.
    Similarly, when I try to run MBAR I get a popup stating: Probable rootkit activity detected
    Registry value "AppInit_Dlls" has been found, which may be caused by rootkit activity.
    I have the option to select Yes if I want to remove this value and restart the tool, or No if I am unsure. I'm selecting No for now.

    MBAR LOG
    ================================================
    Malwarebytes Anti-Rootkit BETA 1.01.0.1017
    www.malwarebytes.org
    Database version: v2013.01.31.09
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Puffin :: JEANNE-PC [administrator]
    2/1/2013 6:55:23 PM
    mbar-log-2013-02-01 (18-55-23).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 27064
    Time elapsed: 7 minute(s), 31 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    =====================================

    System-log
    ===================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1017
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.0.6002 Windows Vista Service Pack 2 x86
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 2.004000 GHz
    Memory total: 3218677760, free: 2135326720
    ------------ Kernel report ------------
    02/01/2013 18:39:35
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\acpi.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\nvstor.sys
    \SystemRoot\system32\drivers\storport.sys
    \SystemRoot\system32\DRIVERS\nvstor32.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\ecache.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\drivers\crcdisk.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\amdk8.sys
    \SystemRoot\system32\DRIVERS\atinavrr.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\NCREMOTEPCI.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\BdaSup.SYS
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\system32\DRIVERS\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    \SystemRoot\system32\DRIVERS\VSTBS23.SYS
    \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
    \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\fdc.sys
    \SystemRoot\system32\DRIVERS\msiscsi.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\flpydisk.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\HdAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\System32\Drivers\aswSnx.SYS
    \SystemRoot\System32\DRIVERS\cmdguard.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\System32\Drivers\aswTdi.SYS
    \SystemRoot\System32\DRIVERS\cmdhlp.sys
    \SystemRoot\system32\DRIVERS\smb.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\Drivers\AswRdr.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\inspect.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\System32\Drivers\aswSP.SYS
    \SystemRoot\system32\DRIVERS\usbscan.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_nvstor32.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\aswMonFlt.sys
    \SystemRoot\System32\Drivers\aswFsBlk.SYS
    \SystemRoot\system32\drivers\spsys.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\drivers\mrxdav.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\tdtcp.sys
    \SystemRoot\System32\DRIVERS\tssecsrv.sys
    \SystemRoot\System32\Drivers\RDPWD.SYS
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff86b40a20
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000053\
    Lower Device Object: 0xffffffff85f2cc90
    Lower Device Driver Name: \Driver\nvstor32\
    Driver name found: nvstor32
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\drivers\Storport.sys (0x0)
    IRP handler 0 hooked
    IRP handler 2 hooked
    IRP handler 14 hooked
    IRP handler 15 hooked
    IRP handler 22 hooked
    IRP handler 23 hooked
    IRP handler 27 hooked
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86a3d528
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000051\
    Lower Device Object: 0xffffffff85176748
    Lower Device Driver Name: \Driver\nvstor32\
    Driver name found: nvstor32
    Downloaded database version: v2013.01.31.09
    Downloaded database version: v2013.01.23.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86a3d528, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86a3d1a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff86a3d528, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff85f2de00, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff85176748, DeviceName: \Device\00000051\, DriverName: \Driver\nvstor32\
    ------------ End ----------
    Upper DeviceData: 0xffffffff899fe9b0, 0xffffffff86a3d528, 0xffffffff867b4ac8
    Lower DeviceData: 0xffffffff898d6488, 0xffffffff85176748, 0xffffffff8852e730
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 529208E5
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 976769024
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff86b40a20, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86b40640, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff86b40a20, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff85f2ca60, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff85f2cc90, DeviceName: \Device\00000053\, DriverName: \Driver\nvstor32\
    ------------ End ----------
    Upper DeviceData: 0xffffffffad63c138, 0xffffffff86b40a20, 0xffffffff855c4ac8
    Lower DeviceData: 0xffffffffa9b55080, 0xffffffff85f2cc90, 0xffffffff8563b040
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 78000000
    Partition information:
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 128457
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 129024 Numsec = 20971520
    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 21100544 Numsec = 467177472
    Partition file system is NTFS
    Partition is bootable
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 250000000000 bytes
    Sector size: 512 bytes
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished