TechSpot

Google redirects general annoyances

Inactive
By Demianwulf
Jul 31, 2011
  1. Ran Malwarebytes and followed the sticky as much as possible.
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7321

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    7/29/2011 6:41:52 PM
    mbam-log-2011-07-29 (18-41-52).txt

    Scan type: Quick scan
    Objects scanned: 205377
    Time elapsed: 26 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\laura\application data\Sun\mnj.dat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\laura\application data\Sun\mxd1.txt (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\laura\application data\Sun\uuoo.dat (Malware.Trace) -> Quarantined and deleted successfully.
     
  2. Demianwulf

    Demianwulf TS Rookie Topic Starter Posts: 74

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe Acrobat 9 Pro - English, Fran├žais, Deutsch
    Adobe Acrobat 9.4.2 - CPSID_83708
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Contribute CS4
    Adobe Creative Suite 4 Web Premium
    Adobe CS4 American English Speech Analysis Models
    Adobe CS4 French Speech Analysis Models
    Adobe CS4 German Speech Analysis Models
    Adobe CS4 International English Speech Analysis Models
    Adobe CS4 Italian Speech Analysis Models
    Adobe CS4 Japanese Speech Analysis Models
    Adobe CS4 Korean Speech Analysis Models
    Adobe CS4 Spanish Speech Analysis Models
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader X (10.1.0)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Soundbooth CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advanced Audio FX Engine
    Advanced Video FX Engine
    AiO_Scan
    aioprnt
    aioscnnr
    AiOSoftware
    Amazon MP3 Downloader 1.0.10
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Bejeweled 2 Deluxe
    Bonjour
    BufferChm
    C4USelfUpdater
    CCleaner
    center
    COMODO Internet Security
    Connect
    CuteFTP 8 Home
    CuteFTP 8 Lite
    Dell Driver Download Manager
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Destinations
    Director
    Disney Toontown Online
    essentials
    Fax
    Fax Machine 4.33
    Fingerprint Reader Suite 5.6
    Google Talk (remove only)
    Google Talk Plugin
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Extended Capabilities 4.7
    HP Image Zone 4.7
    HP Image Zone Express
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HP Software Update
    HPSystemDiagnostics
    iTunes
    Java(TM) 6 Update 17
    Kodak AIO Printer
    KODAK AiO Software
    kuler
    Laptop Integrated Webcam Driver (1.02.01.0612)
    Lexmark 3600-4600 Series
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee Security Scan Plus
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 7.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.18)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    NetAssistant
    NetAssistant for Firefox
    Nitro PDF Professional
    nLite 1.4.9.1
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    ocr
    Octoshape add-in for Adobe Flash Player
    Opera 10.00
    PDF Settings CS4
    Peggle Deluxe
    Photoshop Camera Raw
    Pixel Bender Toolkit
    Plants vs. Zombies
    PreReq
    QFolder
    QuickTime
    Readme
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Scan
    ScannerCopy
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SigmaTel Audio
    Sonic CinePlayer DVD Pack
    Spybot - Search & Destroy
    Suite Shared Configuration CS4
    TextPad 5
    TouchChip USB Driver 2.6
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebEx
    WebFldrs XP
    WebReg
    WIDCOMM Bluetooth Software
    Windows Driver Package - Intel (NETw4x32) net (03/13/2008 11.5.1.15)
    Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)
    Windows Driver Package - Intel net (03/13/2008 11.5.1.15)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    WinZip 15.0
    Yontoo Layers Runtime 1.10.01
    .
    ==== End Of File ===========================
     
  3. Demianwulf

    Demianwulf TS Rookie Topic Starter Posts: 74

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
    Run by laura at 11:05:37 on 2011-07-31
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Conime] %windir%\system32\conime.exe
    mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    StartupFolder: c:\documents and settings\laura\start menu\programs\startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Audible Download Manager.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Bluetooth.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\McAfee Security Scan Plus.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Sonic CinePlayer Quick Launch.lnk.disabled
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254868765046
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27L/webex/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
    TCP: Interfaces\{721778C6-9B3B-4921-8BDE-AB0BAF4322D4} : DhcpNameServer = 68.87.73.246 68.87.71.230
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    LSA: Notification Packages = scecli psqlpwd
    mASetup: {3081C8F7-5710-4508-B8E1-BA5BB59FEC43} - rundll32.exe "c:\documents and settings\laura\application data\sun\gurfoat.dll", UnregisterDll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\laura\application data\mozilla\firefox\profiles\ouswtyky.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\laura\application data\mozilla\firefox\profiles\ouswtyky.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
    FF - plugin: c:\documents and settings\laura\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\laura\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\laura\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\laura\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: XULRunner: {87BC5F78-DB0A-473F-A1E2-9EB80EDA44C2} - c:\documents and settings\laura\local settings\application data\{87BC5F78-DB0A-473F-A1E2-9EB80EDA44C2}
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - c:\documents and settings\laura\application data\NetAssistant
    .
    ---- FIREFOX POLICIES ----
    user_pref(security.warn_viewing_mixed,false);
    user_pref(security.warn_viewing_mixed.show_once,false);
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    user_pref(security.warn_submit_insecure,false);
    FF - user.js: security.warn_submit_insecure.show_once - false
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2011-07-30 10:55:08 4098 ----a-w- c:\windows\system32\tmp.reg
    2011-07-30 10:39:03 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-07-30 00:20:17 -------- d-----w- c:\program files\COMODO
    2011-07-30 00:19:15 -------- d-----w- c:\documents and settings\all users\application data\Comodo
    2011-07-30 00:18:31 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
    2011-07-30 00:16:51 -------- d-----w- c:\program files\CCleaner
    2011-07-29 22:44:01 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-29 22:43:44 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-29 22:43:22 -------- d-----w- c:\program files\AVAST Software
    2011-07-29 22:43:22 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2011-07-29 22:21:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-07-29 22:21:07 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-07-24 21:24:10 -------- d-----w- c:\documents and settings\laura\application data\NetAssistant
    2011-07-24 21:23:06 -------- d-----w- c:\program files\Yontoo Layers Runtime
    2011-07-24 21:23:06 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2011-07-24 21:22:58 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
    2011-07-24 16:46:18 -------- d-----w- C:\windowsinstall
    2011-07-24 16:15:08 -------- d-----w- c:\program files\nLite
    2011-07-24 16:13:39 2665796 ----a-w- c:\program files\nLite-1.4.9.1.installer.exe
    2011-07-21 18:49:04 -------- d-sh--r- C:\cmdcons
    2011-07-21 18:49:02 -------- d-----w- c:\windows\setup.pss
    2011-07-19 22:52:36 -------- d-----w- c:\documents and settings\laura\local settings\application data\{87BC5F78-DB0A-473F-A1E2-9EB80EDA44C2}
    .
    ==================== Find3M ====================
    .
    2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-30 13:38:14 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-06-30 13:38:14 242600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-06-30 13:38:12 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-06-30 13:37:26 285256 ----a-w- c:\windows\system32\guard32.dll
    2011-06-22 00:57:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-06 12:42:39 8588616 ----a-w- c:\program files\Firefox Setup 3.6.15.exe
    2011-03-06 05:31:17 6370816 ----a-w- c:\program files\iREB-r4.exe
    .
    ============= FINISH: 11:08:51.73 ===============
     
  4. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================

    GMER log is missing.
     
  5. Demianwulf

    Demianwulf TS Rookie Topic Starter Posts: 74

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-07-31 16:22:43
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0
    Running: 00t5o5l5.exe; Driver: C:\DOCUME~1\laura\LOCALS~1\Temp\fwlyqkob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xACE4C202]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xACEB2D8C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xACE706C1]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xACE4E7F0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xACE4E848]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xACE4E95E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xACE70075]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xACE4E746]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xACE4E898]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xACE4E79A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xACE4E90C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xACE4C226]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xACE70D87]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xACE7103D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xACE4EBE2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xACE70BF2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xACE70A5D]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xACEB2E3C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xACE4BFF0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xACE4C24A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xACE4ED56]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xACE4CCDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xACE4E820]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xACE4E870]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xACE4E988]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xACE703D1]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xACE4E772]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xACE4EA1A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xACE4E8D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xACE4E7C8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xACE4EAFE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xACE4E936]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xACEB2ED4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xACE708D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xACE4CBA0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xACE7072A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xACEBB10E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xACE6F6E8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xACE4C26E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xACE4C292]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xACE4C04A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xACE4C186]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xACE70E8E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xACE4C162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xACE4C1AA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xACE4C2B6]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xACEC8398]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 4 Bytes JMP D656F201
    .text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 8 Bytes [98, E8, E4, AC, 9A, E7, E4, ...] {CWDE ; CALL 0xffffffffe79aacea; IN AL, 0xac}
    .text ntkrnlpa.exe!ZwCallbackReturn + 2CBC 80504558 4 Bytes [0C, E9, E4, AC] {OR AL, 0xe9; IN AL, 0xac}
    .text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 8 Bytes [20, E8, E4, AC, 70, E8, E4, ...] {AND AL, CH; IN AL, 0xac; JO 0xffffffffffffffee; IN AL, 0xac}
    .text ntkrnlpa.exe!ZwCallbackReturn + 2DB8 80504654 4 Bytes JMP D7DCF33D
    .text ...
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL ACE4D335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP ACEC3D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP ACEC57F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP ACEC839C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5096380, 0x5414D5, 0xE8000020]
    .text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP ACE4FCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP ACE4FBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP ACE4EF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP ACE4FE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP ACE50014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP ACE4FB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP ACE4EE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP ACE4F180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP ACE4F326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP ACE4EE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP ACE4FBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP ACE4F2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP ACE4FD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP ACE4FF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP ACE4EFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP ACE4F03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP ACE4F0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP ACE4F0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP ACE4ED8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP ACE4EEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP ACE4F008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP ACE4F440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP ACE4FECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    ? C:\DOCUME~1\laura\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\Explorer.EXE[396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\Explorer.EXE[396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\Explorer.EXE[396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\Explorer.EXE[396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\Explorer.EXE[396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\Explorer.EXE[396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\Explorer.EXE[396] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[396] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[396] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
    .text C:\WINDOWS\system32\NLSSRV32.EXE[604] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\HPZipm12.exe[664] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
  6. Demianwulf

    Demianwulf TS Rookie Topic Starter Posts: 74

    .text C:\WINDOWS\system32\HPZipm12.exe[664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\HPZipm12.exe[664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\HPZipm12.exe[664] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\HPZipm12.exe[664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\HPZipm12.exe[664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\HPZipm12.exe[664] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\HPZipm12.exe[664] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\HPZipm12.exe[664] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\HPZipm12.exe[664] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\HPZipm12.exe[664] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\HPZipm12.exe[664] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\HPZipm12.exe[664] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[696] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\rundll32.exe[696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\rundll32.exe[696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\rundll32.exe[696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\rundll32.exe[696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\rundll32.exe[696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\rundll32.exe[696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\rundll32.exe[696] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\rundll32.exe[696] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[696] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\smss.exe[948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0096CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00975680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0096CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009726F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00973280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0097DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00971220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00971B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0097E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 0097E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apoint.exe[984] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apoint.exe[984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apoint.exe[984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\DellTPad\Apoint.exe[984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apoint.exe[984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apoint.exe[984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apoint.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\DellTPad\Apoint.exe[984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\DellTPad\Apoint.exe[984] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\DellTPad\Apoint.exe[984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\DellTPad\Apoint.exe[984] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\DellTPad\Apoint.exe[984] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\DellTPad\Apoint.exe[984] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\csrss.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[992] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[1020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
    .text C:\WINDOWS\system32\winlogon.exe[1020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[1020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
    .text C:\WINDOWS\system32\winlogon.exe[1020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\winlogon.exe[1020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\winlogon.exe[1020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\winlogon.exe[1020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\winlogon.exe[1020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\winlogon.exe[1020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\spoolsv.exe[1044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\spoolsv.exe[1044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\spoolsv.exe[1044] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\spoolsv.exe[1044] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\spoolsv.exe[1044] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\spoolsv.exe[1044] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1044] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\services.exe[1068] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\services.exe[1068] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\services.exe[1068] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\services.exe[1068] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\services.exe[1068] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\services.exe[1068] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\lsass.exe[1080] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\lsass.exe[1080] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\lsass.exe[1080] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\lsass.exe[1080] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\lsass.exe[1080] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\lsass.exe[1080] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1080] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1080] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\nvsvc32.exe[1232] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1268] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1268] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
  7. Demianwulf

    Demianwulf TS Rookie Topic Starter Posts: 74

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1336] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1336] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005190B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00531040 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
    .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1404] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1404] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1456] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1456] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1596] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1596] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1740] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1740] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A6CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A75680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A6CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A726F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A73280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00A71220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00A71B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00A7DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00A7E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 00A7E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
  8. Demianwulf

    Demianwulf TS Rookie Topic Starter Posts: 74

    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2436] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2436] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2436] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2436] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2436] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\HidFind.exe[2668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\HidFind.exe[2668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\HidFind.exe[2668] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\DellTPad\HidFind.exe[2668] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\DellTPad\HidFind.exe[2668] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\DellTPad\HidFind.exe[2668] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\DellTPad\HidFind.exe[2668] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\DellTPad\HidFind.exe[2668] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\DellTPad\HidFind.exe[2668] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\HidFind.exe[2668] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0074CB10 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
    .text C:\Program Files\DellTPad\Apntex.exe[2728] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apntex.exe[2728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apntex.exe[2728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\DellTPad\Apntex.exe[2728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apntex.exe[2728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apntex.exe[2728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apntex.exe[2728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\DellTPad\Apntex.exe[2728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\DellTPad\Apntex.exe[2728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\DellTPad\Apntex.exe[2728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\DellTPad\Apntex.exe[2728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\DellTPad\Apntex.exe[2728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\DellTPad\Apntex.exe[2728] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[2784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[2784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[2784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\ctfmon.exe[2784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\ctfmon.exe[2784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\ctfmon.exe[2784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\ctfmon.exe[2784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\ctfmon.exe[2784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\ctfmon.exe[2784] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[2784] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3020] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\alg.exe[3020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\alg.exe[3020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\alg.exe[3020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\alg.exe[3020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\alg.exe[3020] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\alg.exe[3020] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3020] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
  9. Demianwulf

    Demianwulf TS Rookie Topic Starter Posts: 74

    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3368] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00E47E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00E3CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E47E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E47ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00E47EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00E47E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00E474E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00E47E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00E47DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E47490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00E47DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00E47DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E47E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00E477A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00E47530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E45680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00E3CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00E47D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E47CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E47A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00E47D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E47D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E47AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E426F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E43280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E47D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E47AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00E47B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00E47AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E47CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00E47B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00E47BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00E47CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00E47C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00E47C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00E47C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00E47B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00E47B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00E47BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00E47C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00E47B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00E47BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00E47C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 00E47A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!WinExec + 3 7C862510 2 Bytes [5E, 84]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00E47D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00E41220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00E41B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006B1014
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006B0804
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006B0A08
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006B0C0C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006B0E10
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006B01F8
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006B03FC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006B0600
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00E47970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 00E47990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 037D155A C:\Documents and Settings\laura\Application Data\Sun\gurfoat.dll (Google search plugin/Google Inc)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006C0804
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 006C0A08
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 037D13A4 C:\Documents and Settings\laura\Application Data\Sun\gurfoat.dll (Google search plugin/Google Inc)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006C0600
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006C01F8
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006C03FC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00E4DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 00E479F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 00E47A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 00E47A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 00E47A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00E4E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 00E4E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] wininet.dll!InternetConnectA 3D94B0B2 5 Bytes JMP 00E479D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3496] wininet.dll!InternetConnectW 3D94C2A0 5 Bytes JMP 00E479B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00D5CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D65680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00D5CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D626F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D63280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00D61220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00D61B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
  10. Demianwulf

    Demianwulf TS Rookie Topic Starter Posts: 74

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 005D1014
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 005D0804
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 005D0A08
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 005D0C0C
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 005D0E10
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005D01F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005D03FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 005D0600
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 005E0804
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 005E0A08
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 005E0600
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005E01F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005E03FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00D6DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104089D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00D6E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 00D6E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0xEE 0x00 0xDE ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8A 0xF6 0xCB 0xE8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0xE8 0x17 0x65 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0xEE 0x00 0xDE ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8A 0xF6 0xCB 0xE8 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0xE8 0x17 0x65 ...

    ---- EOF - GMER 1.0.15 ----
     
  11. Demianwulf

    Demianwulf TS Rookie Topic Starter Posts: 74

    hope i posted all that correctly seems bigger than i remember...apologies if it is incorrect. I'll rerun if necessary.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    You did fine :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. Demianwulf

    Demianwulf TS Rookie Topic Starter Posts: 74

    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2011-08-01 07:00:52
    -----------------------------
    07:00:52.390 OS Version: Windows 5.1.2600 Service Pack 3
    07:00:52.390 Number of processors: 2 586 0x1706
    07:00:52.390 ComputerName: LAURAS-LAPTOP UserName: laura
    07:00:55.375 Initialize success
    07:00:56.531 AVAST engine defs: 11073100
    07:01:05.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    07:01:05.156 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
    07:01:05.265 Disk 0 MBR read successfully
    07:01:05.265 Disk 0 MBR scan
    07:01:05.281 Disk 0 Windows XP default MBR code
    07:01:05.312 Disk 0 scanning sectors +625121280
    07:01:05.531 Disk 0 scanning C:\WINDOWS\system32\drivers
    07:01:51.968 Service scanning
    07:01:53.843 Modules scanning
    07:02:09.109 Disk 0 trace - called modules:
    07:02:09.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    07:02:09.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0dfab8]
    07:02:09.125 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8b073030]
    07:02:10.640 AVAST engine scan C:\WINDOWS
    07:02:29.234 AVAST engine scan C:\WINDOWS\system32
    07:04:57.937 AVAST engine scan C:\WINDOWS\system32\drivers
    07:05:17.359 AVAST engine scan C:\Documents and Settings\laura
    07:19:01.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\laura\Desktop\MBR.dat"
    07:19:01.312 The log file has been saved successfully to "C:\Documents and Settings\laura\Desktop\aswMBR.txt"


    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2011-08-01 07:24:11
    -----------------------------
    07:24:11.296 OS Version: Windows 5.1.2600 Service Pack 3
    07:24:11.296 Number of processors: 2 586 0x1706
    07:24:11.296 ComputerName: LAURAS-LAPTOP UserName: laura
    07:24:14.031 Initialize success
    07:24:14.515 AVAST engine defs: 11073100
    07:24:19.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    07:24:19.328 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
    07:24:19.343 Disk 0 MBR read successfully
    07:24:19.359 Disk 0 MBR scan
    07:24:19.359 Disk 0 Windows XP default MBR code
    07:24:19.375 Disk 0 scanning sectors +625121280
    07:24:19.500 Disk 0 scanning C:\WINDOWS\system32\drivers
    07:24:42.578 Service scanning
    07:24:46.046 Modules scanning
    07:24:54.734 Disk 0 trace - called modules:
    07:24:54.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    07:24:54.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0d3ab8]
    07:24:54.750 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8aa9b030]
    07:24:56.453 AVAST engine scan C:\WINDOWS
    07:25:02.765 AVAST engine scan C:\WINDOWS\system32
    07:26:39.609 AVAST engine scan C:\WINDOWS\system32\drivers
    07:26:53.859 AVAST engine scan C:\Documents and Settings\laura
    08:01:27.156 AVAST engine scan C:\Documents and Settings\All Users
    08:03:46.250 Scan finished successfully
    08:13:47.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\laura\Desktop\MBR.dat"
    08:13:47.718 The log file has been saved successfully to "C:\Documents and Settings\laura\Desktop\aswMBR.txt"
     
  14. Demianwulf

    Demianwulf TS Rookie Topic Starter Posts: 74

    ComboFix 11-07-31.04 - laura 08/01/2011 8:34.1.2 - x86
    Running from: c:\documents and settings\laura\My Documents\Downloads\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\Tarma Installer
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
    c:\documents and settings\All Users\SPL14CF.tmp
    c:\documents and settings\All Users\SPL17A.tmp
    c:\documents and settings\All Users\SPL17D.tmp
    c:\documents and settings\All Users\SPL1C1.tmp
    c:\documents and settings\All Users\SPL1D2.tmp
    c:\documents and settings\All Users\SPL367.tmp
    c:\documents and settings\All Users\SPL3EA.tmp
    c:\documents and settings\All Users\SPL50B.tmp
    c:\documents and settings\All Users\SPL84E.tmp
    c:\documents and settings\laura\Application Data\Adobe\plugs
    c:\documents and settings\laura\Application Data\Adobe\shed
    c:\documents and settings\laura\Application Data\Sun\gurfoat.dll
    c:\documents and settings\laura\Application Data\Sun\mnj.dat
    c:\documents and settings\laura\Application Data\Sun\mxd1.txt
    c:\documents and settings\laura\Application Data\Sun\uuoo.dat
    c:\windows\system32\404Fix.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_6TO4
    -------\Service_6to4
    -------\Service_SPService
    -------\Service_USBAAPL
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-30 10:39 . 2011-07-30 10:39 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-07-30 00:20 . 2011-07-30 00:20 -------- d-----w- c:\program files\COMODO
    2011-07-30 00:19 . 2011-07-30 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
    2011-07-30 00:18 . 2011-07-30 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
    2011-07-30 00:16 . 2011-07-30 00:16 -------- d-----w- c:\program files\CCleaner
    2011-07-29 22:44 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-07-29 22:44 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-07-29 22:44 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-29 22:44 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-07-29 22:44 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-07-29 22:44 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-07-29 22:44 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-07-29 22:44 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-07-29 22:43 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-29 22:43 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-07-29 22:43 . 2011-07-29 22:43 -------- d-----w- c:\program files\AVAST Software
    2011-07-29 22:43 . 2011-07-29 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-07-29 22:21 . 2011-07-30 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-07-29 22:21 . 2011-07-29 22:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-07-29 17:48 . 2011-07-29 17:48 -------- d-----w- c:\documents and settings\Administrator
    2011-07-24 21:24 . 2011-07-24 21:24 -------- d-----w- c:\documents and settings\laura\Application Data\NetAssistant
    2011-07-24 21:23 . 2011-07-24 21:23 -------- d-----w- c:\program files\Yontoo Layers Runtime
    2011-07-24 21:23 . 2011-07-24 21:23 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2011-07-24 16:46 . 2011-07-24 16:53 -------- d-----w- C:\windowsinstall
    2011-07-24 16:15 . 2011-07-24 17:00 -------- d-----w- c:\program files\nLite
    2011-07-24 16:13 . 2011-07-24 16:13 2665796 ----a-w- c:\program files\nLite-1.4.9.1.installer.exe
    2011-07-19 22:52 . 2011-07-19 22:52 -------- d-----w- c:\documents and settings\laura\Local Settings\Application Data\{87BC5F78-DB0A-473F-A1E2-9EB80EDA44C2}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-06 23:52 . 2010-07-24 20:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 23:52 . 2010-07-24 20:50 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-30 13:38 . 2011-06-30 13:38 97504 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-06-30 13:38 . 2011-06-30 13:38 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-06-30 13:38 . 2011-06-30 13:38 242600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-06-30 13:38 . 2011-06-30 13:38 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-06-30 13:37 . 2011-06-30 13:37 285256 ----a-w- c:\windows\system32\guard32.dll
    2011-06-22 00:57 . 2011-06-22 00:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-03-06 12:42 . 2011-03-06 12:42 8588616 ----a-w- c:\program files\Firefox Setup 3.6.15.exe
    2011-03-06 05:31 . 2011-03-06 05:31 6370816 ----a-w- c:\program files\iREB-r4.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2011-06-30 21:49 194848 ------w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-09-10 20:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-09-10 20:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-08-02 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-03-03 2510848]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
    .
    c:\documents and settings\laura\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2009-10-17 947]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Audible Download Manager.lnk.disabled [2011-6-15 1762]
    Bluetooth.lnk.disabled [2011-3-5 637]
    HP Digital Imaging Monitor.lnk.disabled [2010-4-14 1808]
    McAfee Security Scan Plus.lnk.disabled [2010-7-26 1611]
    Sonic CinePlayer Quick Launch.lnk.disabled [2009-12-17 773]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-17 03:04 86528 ----a-w- c:\windows\system32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "AdobeBridge"=
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "Google Update"="c:\documents and settings\laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "EzPrint"="c:\program files\Lexmark 3600-4600 Series\ezprint.exe"
    "Fax Machine"=
    "googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    "hikinof"="rundll32" "c:\windows\system32\vibevij.dll" ,r
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
    "lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "NVHotkey"=rundll32.exe nvHotkey.dll,Start
    "NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    "nwiz"=nwiz.exe /installquiet
    "OEM02Mon.exe"=c:\windows\OEM02Mon.exe
    "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" /startup
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\WINDOWS\\system32\\lxdxcoms.exe"=
    "c:\\WINDOWS\\system32\\lxdxcfg.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
    "c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
    "c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxlscn.exe"=
    "c:\\Documents and Settings\\laura\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\laura\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxwbgw.exe"=
    "c:\\Documents and Settings\\laura\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    "9322:TCP"= 9322:TCP:EKDiscovery
    "5353:UDP"= 5353:UDP:Bonjour Port 5353
    "6088:TCP"= 6088:TCP:spport
    "5558:TCP"= 5558:TCP:spport
    "11903:TCP"= 11903:TCP:spport
    "21178:TCP"= 21178:TCP:spport
    "12746:TCP"= 12746:TCP:spport
    .
    R1 SASDIFSV;SASDIFSV;c:\docume~1\laura\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
    R1 SASKUTIL;SASKUTIL;c:\docume~1\laura\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-08-02 288112]
    R3 cpuz134;cpuz134;c:\docume~1\laura\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-06 664064]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-06-30 242600]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-06-30 29400]
    S2 AbtSvcHost;AbtSvcHost;c:\windows\system32\AbtSvcHost_.exe [2010-07-12 49584]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-03-09 366000]
    S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2009-10-16 589824]
    S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2008-02-27 98984]
    S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2010-07-09 196928]
    S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-07-09 65856]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-299502267-839522115-1003Core.job
    - c:\documents and settings\laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-08 23:21]
    .
    2011-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-299502267-839522115-1003UA.job
    - c:\documents and settings\laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-08 23:21]
    .
    2011-05-03 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-11 21:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
    FF - ProfilePath - c:\documents and settings\laura\Application Data\Mozilla\Firefox\Profiles\ouswtyky.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: XULRunner: {87BC5F78-DB0A-473F-A1E2-9EB80EDA44C2} - c:\documents and settings\laura\Local Settings\Application Data\{87BC5F78-DB0A-473F-A1E2-9EB80EDA44C2}
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - c:\documents and settings\laura\Application Data\NetAssistant
    user_pref(security.warn_viewing_mixed,false);
    user_pref(security.warn_viewing_mixed.show_once,false);
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    user_pref(security.warn_submit_insecure,false);
    FF - user.js: security.warn_submit_insecure.show_once - false
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
    SafeBoot-Wdf01000.sys
    HKLM_ActiveSetup-{3081C8F7-5710-4508-B8E1-BA5BB59FEC43} - c:\documents and settings\laura\Application Data\Sun\gurfoat.dll
    AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-01 09:07
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1024)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Fingerprint Reader Suite\homefus2.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    c:\program files\Fingerprint Reader Suite\homepass.dll
    c:\program files\Fingerprint Reader Suite\bio.dll
    c:\program files\Fingerprint Reader Suite\remote.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    - - - - - - - > 'explorer.exe'(2576)
    c:\windows\system32\WININET.dll
    c:\program files\Fingerprint Reader Suite\farchns.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    c:\windows\system32\ieframe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\Apntex.exe
    c:\program files\DellTPad\HidFind.exe
    c:\windows\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-01 09:12:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-01 13:12
    .
    Pre-Run: 226,780,004,352 bytes free
    Post-Run: 228,898,832,384 bytes free
    .
    - - End Of File - - 594CEE3A111F15997CEC5F0B4F700F50
     
  15. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    How is computer doing?

    Uninstall Yontoo Layers Runtime 1.10.01.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. Demianwulf

    Demianwulf TS Rookie Topic Starter Posts: 74

    Sorry for the late reply...The computer was working great from the previous stuff we did. Google redirects where gone and it was shutting down and rebooting fine. Unfortunately, it is a family member of mines and she was too impatient to get it back so I wasnt able to perform the last bits from the last post you wrote up. I did forward the information in hopes she would do it and send it back to me but that doesn't at all seem likely. I guess we can call this one closed since I won't be able to work on it anymore. Many thanks...I hope the stuff we did before was sufficient to keep her from coming back :)
     
  17. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Thanks for letting me know :)
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.