Inactive [A] Major probs. Do I need to blow it out?


Mike Shears

Scrubbing a machine.

IE seems to have disappeared. Quick Launch shows a generic white and green launcher for it.
When you try to launch IE, you get an error message: Windows can not access the specified device, path or file. You may not have the appropriate permissions to access the item.

Ran Malwarebytes with no result.
SUPERAntiSpyware seemed to run way too quick. ESET Online scan found two trojans, some sort of regreviv.
I reinstalled IE with no luck. It does not show up anywhere.
Twice I've received the message that the recycle bin is corrupt.
A number of times when I open something, I get the hourglass for some time. I have had to rude reboot in order to get it to stop.

Currently running TrojanHunter which has found
Found malware file: C:\Program Files\EPSON\PrinterDriverTemp\SPR260\cfw_installer.exe (VB.12714)
and
Found malware file: C:\Users\XXXXXX\Downloads\cfw_installer.exe (VB.12714)
Looks like CFW is Comodo Firewall (False Positive?)

These are still there. Trojan Hunter wanted $39.95 to fix and these look like false positives.
Also tried running Combo Fix to post logs. CB kept stalling even though Firewall and AV were shut off and no one was using the machine. At one point, it blacked out the screen and would not come back till I tapped the power button. Internet connectivity dropped considerably during this time. Cycling the equipment brought it back. This may be incidental.
HJT log

[HJT log removed by Broni]
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.24.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Puffin :: JEANNE-PC [administrator]

1/25/2013 6:18:04 PM
mbam-log-2013-01-25 (18-18-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211782
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER part 1
GMER Log

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-14 21:30:21
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\0000004f WDC_WD50 rev.15.0 465.76GB
Running: gmer3p.exe; Driver: C:\Users\Puffin\AppData\Local\Temp\pwdiqpog.sys


 
GMER Part 2
 
Part 3


.text C:\Program Files\Google\Chrome\Application\chrome.exe[244] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00820600
 
Part 4


.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!LoadLibraryW 761493F0 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!LoadLibraryExA 76149544 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!LoadLibraryA 7614956C 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!GetProcAddress 7616921B 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!GetModuleHandleA 76169485 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!GetModuleHandleW 7616AA04 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!CreateFileW 7616B0CB 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!CreateFileA 7616D05F 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!MoveFileExA 7617110A 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!MoveFileWithProgressA 7617112A 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!CopyFileA 76172633 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!MoveFileA 761AF8A1 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!CopyFileExA 761B1C59 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!WinExec 761B614F 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] KERNEL32.dll!LoadModule 761B62A7 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00070600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00070804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00070A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00080600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00081014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00080804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00080A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00080C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00080E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ADVAPI32.dll!CreateServiceA 762F72A1 3 Bytes JMP 000801F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ADVAPI32.dll!CreateServiceA + 4 762F72A5 1 Byte [89]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] SHELL32.dll!ShellExecuteW 76779725 3 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] SHELL32.dll!ShellExecuteW + 4 76779729 1 Byte [99]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] SHELL32.dll!ShellExecuteExW 767CC15D 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] SHELL32.dll!ShellExecuteEx 7697A432 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[268] SHELL32.dll!ShellExecuteA 7697A4CD 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\csrss.exe[592] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\wininit.exe[648] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
 
Part 5

.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!RegisterRawInputDevices 77446161 5 Bytes JMP 10018E60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 1001CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SystemParametersInfoA 774482E1 7 Bytes JMP 1001C5F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!GetAsyncKeyState 7744863C 5 Bytes JMP 10019080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 1001C810 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SendNotifyMessageW 774493D6 5 Bytes JMP 1001A0C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!MoveWindow 7744989F 5 Bytes JMP 10018B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 1001C0C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SetParent 7744A2AA 5 Bytes JMP 100188E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!PostThreadMessageA 7744BD34 5 Bytes JMP 1001B8E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!GetKeyboardState 7744BD7D 5 Bytes JMP 100195E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!RegisterHotKey 7744BDA5 5 Bytes JMP 100180A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!EnableWindow 7744CD8B 5 Bytes JMP 10017E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!PostMessageA 7744F8F8 5 Bytes JMP 1001BE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SendMessageA 7744F956 5 Bytes JMP 1001B3A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SendMessageTimeoutW 7745352D 5 Bytes JMP 1001AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SendMessageCallbackW 77454570 5 Bytes JMP 1001A600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!PostThreadMessageW 77457C8E 5 Bytes JMP 1001B640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!GetKeyState 77458CB1 5 Bytes JMP 10019330 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!PostMessageW 7745A175 5 Bytes JMP 1001BB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SendMessageW 77460AED 5 Bytes JMP 1001B100 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SystemParametersInfoW 774611D8 7 Bytes JMP 1001C3D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SendDlgItemMessageA 7746275B 5 Bytes JMP 10019E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SetClipboardViewer 7746BA2D 5 Bytes JMP 100186E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SendNotifyMessageA 7746DFCF 5 Bytes JMP 1001A360 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!BlockInput 7746FF0A 5 Bytes JMP 100184E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SendMessageTimeoutA 77470006 5 Bytes JMP 1001AE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!mouse_event 7747044E 5 Bytes JMP 10029670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SendDlgItemMessageW 77470E38 5 Bytes JMP 10019B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SendInput 77472F75 5 Bytes JMP 10019890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!GetClipboardData 7748715A 5 Bytes JMP 100182D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!ExitWindowsEx 7748B7C3 5 Bytes JMP 10017BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!keybd_event 7749D972 5 Bytes JMP 10029880 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SendMessageCallbackA 774A2CA7 5 Bytes JMP 1001A8C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] GDI32.dll!BitBlt 762070A6 5 Bytes JMP 100293E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] GDI32.dll!StretchBlt 762093D6 5 Bytes JMP 10028C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] GDI32.dll!MaskBlt 7620C5CB 5 Bytes JMP 10029130 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[648] GDI32.dll!PlgBlt 7621EB50 5 Bytes JMP 10028EA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\csrss.exe[656] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\services.exe[696] services.exe 00451628 4 Bytes [80, E1, 01, 10]
.text C:\Windows\system32\services.exe[696] services.exe 00451638 4 Bytes [60, DC, 01, 10]
.text C:\Windows\system32\services.exe[696] services.exe 00451658 4 Bytes [A0, E4, 01, 10]
.text C:\Windows\system32\services.exe[696] services.exe 00451668 4 Bytes [E0, DE, 01, 10] {LOOPNZ 0xffffffe0; ADD [EAX], EDX}
.text C:\Windows\system32\services.exe[696] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[696] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[696] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[696] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[696] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[696] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[696] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[696] RPCRT4.dll!RpcServerRegisterIfEx 7654929C 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[696] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[696] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[696] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[696] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[712] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[712] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[712] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[712] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[712] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[712] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[712] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[712] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\lsm.exe[724] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\winlogon.exe[760] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00070600
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00070804
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00070A08
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000701F8
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000703FC
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000803FC
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00080600
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00081014
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00080804
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00080A08
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00080C0C
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00080E10
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] ADVAPI32.dll!CreateServiceA 762F72A1 3 Bytes JMP 000801F8
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[784] ADVAPI32.dll!CreateServiceA + 4 762F72A5 1 Byte [89]
.text C:\Windows\ehome\ehmsas.exe[812] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
 
Part 6

.text C:\Windows\ehome\ehmsas.exe[812] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehmsas.exe[812] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehmsas.exe[812] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehmsas.exe[812] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehmsas.exe[812] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehmsas.exe[812] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[812] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehmsas.exe[812] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehmsas.exe[812] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000603FC
.text C:\Windows\ehome\ehmsas.exe[812] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00060600
.text C:\Windows\ehome\ehmsas.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00061014
.text C:\Windows\ehome\ehmsas.exe[812] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00060804
.text C:\Windows\ehome\ehmsas.exe[812] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00060A08
.text C:\Windows\ehome\ehmsas.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00060C0C
.text C:\Windows\ehome\ehmsas.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00060E10
.text C:\Windows\ehome\ehmsas.exe[812] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000601F8
.text C:\Windows\ehome\ehmsas.exe[812] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehmsas.exe[812] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehmsas.exe[812] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehmsas.exe[812] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehmsas.exe[812] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehmsas.exe[812] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehmsas.exe[812] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehmsas.exe[812] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehmsas.exe[812] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[892] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[892] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[892] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[892] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[892] RPCRT4.dll!RpcServerRegisterIfEx 7654929C 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[892] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[892] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[892] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[892] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[956] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[956] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[956] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[956] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[956] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[956] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[956] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[956] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[956] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[956] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[984] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[984] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[984] RPCRT4.dll!RpcServerRegisterIfEx 7654929C 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[984] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[984] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[984] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[984] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[984] rpcss.dll!WhichService 75183F84 8 Bytes JMP ED501001
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1028] ntdll.dll!NtAllocateVirtualMemory 77AC3FA4 5 Bytes JMP 00533F00 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1028] ntdll.dll!NtCreateFile 77AC4244 5 Bytes JMP 0054D9A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1028] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1080] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1080] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1080] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1080] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1080] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1080] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1080] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1080] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1080] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1080] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\taskeng.exe[1080] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\taskeng.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\taskeng.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\taskeng.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\taskeng.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\taskeng.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\taskeng.exe[1080] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\taskeng.exe[1080] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 000C0600
.text C:\Windows\system32\taskeng.exe[1080] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\taskeng.exe[1080] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\taskeng.exe[1080] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\taskeng.exe[1080] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000C03FC
.text C:\Windows\system32\taskeng.exe[1080] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1080] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1080] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1080] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1128] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1128] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1128] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1128] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1128] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1128] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1128] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1128] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1128] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1128] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1240] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1240] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1240] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1240] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1240] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1240] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1240] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1240] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1240] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1272] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1272] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1272] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1272] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1272] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1272] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1272] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1272] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1272] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1272] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1272] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1292] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1292] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1292] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1292] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1292] RPCRT4.dll!RpcServerRegisterIfEx 7654929C 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1292] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1292] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1292] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1292] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1352] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1352] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1352] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1352] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1352] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1352] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1352] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\AUDIODG.EXE[1352] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1352] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1352] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1352] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1352] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1352] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1380] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1380] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1380] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1380] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1380] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
 
Part 7

.text C:\Windows\system32\svchost.exe[1380] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1380] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1380] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1380] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1380] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!LdrGetProcedureAddress 77AA56E0 2 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!LdrGetProcedureAddress + 3 77AA56E3 2 Bytes [58, 98] {POP EAX; CWDE }
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtAllocateVirtualMemory 77AC3FA4 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtCreateFile 77AC4244 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtCreateFile + 6 77AC424A 4 Bytes [28, DC, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtCreateFile + B 77AC424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtCreateProcess 77AC4304 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtCreateProcessEx 77AC4314 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtDeleteFile 77AC4624 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtFreeVirtualMemory 77AC47B4 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtLoadDriver 77AC48D4 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtMapViewOfSection + 6 77AC499A 4 Bytes [28, DF, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtMapViewOfSection + B 77AC499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtOpenFile 77AC4A24 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtOpenFile + 6 77AC4A2A 4 Bytes [68, DC, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtOpenFile + B 77AC4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtOpenProcess + 6 77AC4AAA 4 Bytes [A8, DD, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtOpenProcess + B 77AC4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtOpenProcessToken + B 77AC4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtOpenProcessTokenEx + 6 77AC4ACA 4 Bytes [A8, DE, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtOpenProcessTokenEx + B 77AC4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtOpenThread + 6 77AC4B1A 4 Bytes [68, DD, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtOpenThread + B 77AC4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtOpenThreadToken + 6 77AC4B2A 4 Bytes [68, DE, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtOpenThreadToken + B 77AC4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtOpenThreadTokenEx + B 77AC4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtProtectVirtualMemory 77AC4BA4 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtQueryAttributesFile + 6 77AC4BCA 4 Bytes [A8, DC, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1408] ntdll.dll!NtQueryAttributesFile + B 77AC4BCF 1 Byte [E2]
 
Part 8

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00090600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00090804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00090A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2220] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2252] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2252] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2252] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2252] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[2252] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[2252] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[2252] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[2252] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[2252] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2252] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2252] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2252] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2268] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2268] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2268] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2268] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2268] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2268] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[2268] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[2268] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[2268] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[2268] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[2268] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2268] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2268] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2268] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2312] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2312] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2312] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2312] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2312] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2312] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2312] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[2312] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
.text C:\Windows\System32\svchost.exe[2312] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
.text C:\Windows\System32\svchost.exe[2312] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
.text C:\Windows\System32\svchost.exe[2312] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
.text C:\Windows\System32\svchost.exe[2312] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
.text C:\Windows\System32\svchost.exe[2312] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2312] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2312] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2312] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2392] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2392] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2392] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2392] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2392] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2392] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2392] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[2392] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[2392] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[2392] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[2392] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[2392] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[2392] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\SearchIndexer.exe[2392] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2392] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2392] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2392] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00170600
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00170804
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00170A08
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 001701F8
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 001703FC
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 002803FC
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00280600
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00281014
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00280804
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00280A08
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00280C0C
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00280E10
.text C:\Users\Jeanne\Desktop\gmer3p.exe[2412] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 002801F8
.text C:\Windows\system32\Dwm.exe[2700] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2700] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2700] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2700] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2700] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2700] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2700] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[2700] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2700] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2700] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2700] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2700] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[2700] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[2700] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[2700] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[2700] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2724] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
.text C:\Windows\Explorer.EXE[2732] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2732] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2732] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2732] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2732] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2732] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2732] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\Explorer.EXE[2732] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2732] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2732] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[2732] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[2732] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[2732] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[2732] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[2732] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[2732] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[2732] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[2732] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2732] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2732] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2732] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2732] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[2732] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[2732] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[2732] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[2732] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
 
Part 9
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2912] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 001601F8
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 001603FC
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] ntdll.dll!NtAllocateVirtualMemory 77AC3FA4 5 Bytes JMP 0077FC60 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00170600
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00171014
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00170804
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00170A08
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00170C0C
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00170E10
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 001701F8
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00180600
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00180804
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00180A08
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 001801F8
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2940] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[3008] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3008] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3008] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3008] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3008] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3008] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3008] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3008] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3008] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3008] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3008] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3008] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3008] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3008] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3008] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3008] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3008] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3008] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[3008] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[3008] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[3008] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[3008] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[3008] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3008] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3008] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3008] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\rundll32.exe[3064] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\rundll32.exe[3064] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\rundll32.exe[3064] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\rundll32.exe[3064] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\rundll32.exe[3064] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\rundll32.exe[3064] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\rundll32.exe[3064] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[3064] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
.text C:\Windows\System32\rundll32.exe[3064] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
.text C:\Windows\System32\rundll32.exe[3064] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
.text C:\Windows\System32\rundll32.exe[3064] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
.text C:\Windows\System32\rundll32.exe[3064] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
.text C:\Windows\System32\rundll32.exe[3064] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\rundll32.exe[3064] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\rundll32.exe[3064] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\rundll32.exe[3064] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\rundll32.exe[3064] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\rundll32.exe[3064] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\rundll32.exe[3064] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000903FC
.text C:\Windows\System32\rundll32.exe[3064] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00090600
.text C:\Windows\System32\rundll32.exe[3064] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00091014
.text C:\Windows\System32\rundll32.exe[3064] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00090804
.text C:\Windows\System32\rundll32.exe[3064] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00090A08
.text C:\Windows\System32\rundll32.exe[3064] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00090C0C
.text C:\Windows\System32\rundll32.exe[3064] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00090E10
.text C:\Windows\System32\rundll32.exe[3064] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000901F8
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3100] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3100] ntdll.dll!LdrUnloadDll 77A9B680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3100] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3100] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3100] kernel32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3100] kernel32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3100] kernel32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3100] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3100] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3100] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3100] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3100] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3100] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] user32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00170600
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] user32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00170804
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] user32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00170A08
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] user32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 001701F8
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] user32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 001703FC
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00180600
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00181014
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00180804
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00180A08
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00180C0C
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00180E10
.text C:\Program Files\TrojanHunter 5.5\THGuard.exe[3132] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 001801F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3140] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!LdrGetProcedureAddress 77AA56E0 2 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!LdrGetProcedureAddress + 3 77AA56E3 2 Bytes [58, 98] {POP EAX; CWDE }
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtAllocateVirtualMemory 77AC3FA4 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtCreateFile 77AC4244 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtCreateFile + 6 77AC424A 4 Bytes [28, 34, 23, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtCreateFile + B 77AC424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtCreateProcess 77AC4304 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtCreateProcessEx 77AC4314 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtDeleteFile 77AC4624 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtFreeVirtualMemory 77AC47B4 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtLoadDriver 77AC48D4 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtMapViewOfSection + 6 77AC499A 4 Bytes [28, 37, 23, 00] {SUB [EDI], DH; AND EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtMapViewOfSection + B 77AC499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtOpenFile 77AC4A24 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtOpenFile + 6 77AC4A2A 4 Bytes [68, 34, 23, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtOpenFile + B 77AC4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtOpenProcess + 6 77AC4AAA 4 Bytes [A8, 35, 23, 00] {TEST AL, 0x35; AND EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtOpenProcess + B 77AC4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtOpenProcessToken + B 77AC4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtOpenProcessTokenEx + 6 77AC4ACA 4 Bytes [A8, 36, 23, 00] {TEST AL, 0x36; AND EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtOpenProcessTokenEx + B 77AC4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtOpenThread + 6 77AC4B1A 4 Bytes [68, 35, 23, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtOpenThread + B 77AC4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtOpenThreadToken + 6 77AC4B2A 4 Bytes [68, 36, 23, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtOpenThreadToken + B 77AC4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtOpenThreadTokenEx + B 77AC4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtProtectVirtualMemory 77AC4BA4 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtQueryAttributesFile + 6 77AC4BCA 4 Bytes [A8, 34, 23, 00] {TEST AL, 0x34; AND EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtQueryAttributesFile + B 77AC4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtQueryFullAttributesFile + B 77AC4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtSetInformationFile + 6 77AC515A 4 Bytes [28, 35, 23, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtSetInformationFile + B 77AC515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtSetInformationProcess 77AC5194 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtSetInformationThread + 6 77AC51AA 4 Bytes [28, 36, 23, 00] {SUB [ESI], DH; AND EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtSetInformationThread + B 77AC51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtUnloadDriver 77AC53E4 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtUnmapViewOfSection + 6 77AC544A 4 Bytes [68, 37, 23, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtUnmapViewOfSection + B 77AC544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!NtWriteVirtualMemory 77AC54E4 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!KiUserExceptionDispatcher 77AC5C28 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!RtlAllocateHeap 77AC6400 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!VirtualProtect 76121DC3 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!OpenFile 7612355A 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!MoveFileW 7612A2F2 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CopyFileExW 76130211 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CopyFileW 76130299 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!DeleteFileW 7613F53E 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!DeleteFileA 7613F65A 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!MoveFileWithProgressW 7614112C 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!MoveFileExW 76141150 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!LoadLibraryExW 7614926C 7 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!LoadLibraryW 761493F0 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!LoadLibraryExA 76149544 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!LoadLibraryA 7614956C 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!GetProcAddress 7616921B 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!GetModuleHandleA 76169485 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!GetModuleHandleW 7616AA04 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CreateFileW 7616B0CB 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CreateFileA 7616D05F 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!MoveFileExA 7617110A 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!MoveFileWithProgressA 7617112A 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CopyFileA 76172633 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!MoveFileA 761AF8A1 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!CopyFileExA 761B1C59 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!WinExec 761B614F 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] KERNEL32.dll!LoadModule 761B62A7 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00290600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00290804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00290A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 002901F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 002903FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 002A03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 002A0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 002A1014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 002A0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 002A0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 002A0C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 002A0E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 002A01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] SHELL32.dll!ShellExecuteW 76779725 3 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] SHELL32.dll!ShellExecuteW + 4 76779729 1 Byte [99]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] SHELL32.dll!ShellExecuteExW 767CC15D 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] SHELL32.dll!ShellExecuteEx 7697A432 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3196] SHELL32.dll!ShellExecuteA 7697A4CD 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 00070600
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 00070804
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 00070A08
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000701F8
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000703FC
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000803FC
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 00080600
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 00081014
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 00080804
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 00080A08
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 00080C0C
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 00080E10
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!CreateServiceA 762F72A1 3 Bytes JMP 000801F8
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3280] ADVAPI32.dll!CreateServiceA + 4 762F72A5 1 Byte [89]
.text C:\Windows\system32\taskeng.exe[3416] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3416] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3416] ntdll.dll!NtAlpcSendWaitReceivePort 77AC40E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3416] ntdll.dll!NtClose 77AC4184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3416] KERNEL32.dll!CreateProcessW 76121BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3416] KERNEL32.dll!CreateProcessA 76121C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3416] KERNEL32.dll!GetBinaryTypeW + 70 76172447 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!CreateProcessAsUserA 7627CEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!CreateProcessAsUserW 76291EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!CreateServiceW 762B9EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!DeleteService 762BA07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!SetServiceObjectSecurity 762F6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!ChangeServiceConfigA 762F6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!ChangeServiceConfigW 762F6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!ChangeServiceConfig2A 762F7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!ChangeServiceConfig2W 762F71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\taskeng.exe[3416] ADVAPI32.dll!CreateServiceA 762F72A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\taskeng.exe[3416] USER32.dll!SetWindowsHookExA 77446322 5 Bytes JMP 000C0600
.text C:\Windows\system32\taskeng.exe[3416] USER32.dll!SetWindowsHookExW 774487AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\taskeng.exe[3416] USER32.dll!UnhookWindowsHookEx 774498DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\taskeng.exe[3416] USER32.dll!SetWinEventHook 77449F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\taskeng.exe[3416] USER32.dll!UnhookWinEvent 7744C06F 5 Bytes JMP 000C03FC
.text C:\Windows\system32\taskeng.exe[3416] GDI32.dll!DeleteDC 762068CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3416] GDI32.dll!CreateDCW 7620A91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3416] GDI32.dll!CreateDCA 7620AA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3416] GDI32.dll!GetPixel 7620BE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!LdrUnloadDll 77A9B680 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!LdrGetProcedureAddress 77AA56E0 2 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)


---- EOF - GMER 2.0 ----
 
DDS txt

dds.txt
===================================================================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer:
Run by Puffin at 20:59:31 on 2013-01-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1514 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\TrojanHunter 5.5\THGuard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Jeanne\Desktop\gmer3p.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ghostery Add-On: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObject.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adblock Pro: {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - c:\program files\adblock pro\AdblockPro.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [THGuard] "c:\program files\trojanhunter 5.5\THGuard.exe"
mRunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{184906ff-ed62-4ee5-bd9c-fd55a3fb7b2d}
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: LocalAccountTokenFilterPolicy = dword:1
IE: &Block This Image (ABP) - c:\program files\adblock pro\blockimg.html
IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObject.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - c:\program files\adblock pro\AdblockPro.dll
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{CCC8242C-EF87-480D-BD77-B9EF4CA8572B} : DHCPNameServer = 192.168.0.1
Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - c:\program files\ghosteryieplugin\GhosteryMimeFilter.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs= c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-28 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-28 361032]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 38616]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-28 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-6-28 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-6 44808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-7-8 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-9 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-8 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-8 21104]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
.
=============== Created Last 30 ================
.
2013-01-15 01:28:30 -------- d-----w- c:\users\puffin\appdata\roaming\TrojanHunter
2013-01-14 21:30:14 -------- d-----w- c:\program files\VS Revo Group
2013-01-14 20:25:01 -------- d-----w- c:\windows\system32\wbem\repository
2013-01-14 20:11:17 -------- d-----w- c:\programdata\TrojanHunter
2013-01-14 20:11:16 -------- d-----w- c:\program files\TrojanHunter 5.5
2013-01-14 02:04:39 -------- d--h--w- c:\windows\msdownld.tmp
2013-01-13 06:10:05 53248 ----a-w- c:\windows\system32\zlib.dll
2013-01-13 06:03:23 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{755027a8-c5ca-4981-ad68-6c2c1825ddbe}\mpengine.dll
2013-01-13 05:52:55 131344 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2013-01-13 05:52:25 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-01-12 20:29:36 -------- d-----w- C:\bd_logs
2013-01-10 02:54:07 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-10 02:54:06 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 23:22:27 -------- d-----w- c:\users\puffin\appdata\roaming\SUPERAntiSpyware.com
2012-12-26 02:24:36 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-26 02:24:35 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 01:29:54 652296 ----a-w- c:\programdata\microsoft\ehome\packages\sportstemplate\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2012-12-21 01:29:33 644368 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2012-12-21 01:29:17 416128 ----a-w- c:\programdata\microsoft\ehome\packages\nettv\browse\NetTVResources.dll
.
==================== Find3M ====================
.
2013-01-10 20:54:14 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-10 20:54:14 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:36:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 21:00:32.77 ===============
 
DDS Attach

Attach
=====================================================================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/28/2012 9:27:39 PM
System Uptime: 1/14/2013 6:57:55 PM (3 hours ago)
.
Motherboard: Dell Inc | | 0UW457
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2000/1000mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 366.272 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 223 GiB total, 158.818 GiB free.
F: is FIXED (NTFS) - 10 GiB total, 4.44 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adblock Pro 3.6
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
att.net Internet Mail
avast! Free Antivirus
Canon MP Navigator EX 2.0
CCleaner
COMODO Internet Security
Dell Resource CD
EPSON Printer Software
Ghostery IE Plugin
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Logitech Communications Manager
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
NVIDIA Drivers
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SUPERAntiSpyware
TrojanHunter 5.5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
VLC media player 2.0.2
.
==== End Of File ===========================
 
  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=========================

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
I tried running RogueKiller. Comodo FW said it is known malware.
Similarly, I ran MBAR with nothing found. I will get the MBAR logs for you tonight. Is there an alternative to Rogue?
 
Attempting to download Rogue, I get the following popup in IE SmartScreen: RogueKiller.exe is not commonly downloaded and could harm your computer. It gives me the options to Delete, Actions and View downloads. I select Actions and it gives me the options to delete and don't run.
Similarly, when I try to run MBAR, I get a popup stating: Probable rootkit activity detected
Registry value "AppInit_Dlls" has been found, which may be caused by rootkit activity.
I have the option to select Yes if I want to remove this value and restart the tool, or No if I am unsure. I'm selecting No for now.

MBAR LOG
================================================
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org
Database version: v2013.01.31.09
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Puffin :: JEANNE-PC [administrator]
2/1/2013 6:55:23 PM
mbar-log-2013-02-01 (18-55-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27064
Time elapsed: 7 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
=====================================

System-log
===================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.004000 GHz
Memory total: 3218677760, free: 2135326720
------------ Kernel report ------------
02/01/2013 18:39:35
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86b40a20
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000053\
Lower Device Object: 0xffffffff85f2cc90
Lower Device Driver Name: \Driver\nvstor32\
Driver name found: nvstor32
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\Storport.sys (0x0)
IRP handler 0 hooked
IRP handler 2 hooked
IRP handler 14 hooked
IRP handler 15 hooked
IRP handler 22 hooked
IRP handler 23 hooked
IRP handler 27 hooked
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86a3d528
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000051\
Lower Device Object: 0xffffffff85176748
Lower Device Driver Name: \Driver\nvstor32\
Driver name found: nvstor32
Downloaded database version: v2013.01.31.09
Downloaded database version: v2013.01.23.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86a3d528, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86a3d1a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86a3d528, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85f2de00, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85176748, DeviceName: \Device\00000051\, DriverName: \Driver\nvstor32\
------------ End ----------
Upper DeviceData: 0xffffffff899fe9b0, 0xffffffff86a3d528, 0xffffffff867b4ac8
Lower DeviceData: 0xffffffff898d6488, 0xffffffff85176748, 0xffffffff8852e730
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 529208E5
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 976769024
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff86b40a20, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86b40640, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86b40a20, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85f2ca60, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85f2cc90, DeviceName: \Device\00000053\, DriverName: \Driver\nvstor32\
------------ End ----------
Upper DeviceData: 0xffffffffad63c138, 0xffffffff86b40a20, 0xffffffff855c4ac8
Lower DeviceData: 0xffffffffa9b55080, 0xffffffff85f2cc90, 0xffffffff8563b040
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 78000000
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 128457
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 129024 Numsec = 20971520
Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 21100544 Numsec = 467177472
Partition file system is NTFS
Partition is bootable
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250000000000 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Done!
Scan finished
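
One way to see what the AppInit_DLLs value named in the MBAR prompt actually contains before answering Yes or No, as an added PowerShell example that is not part of the original posts. It only reads the registry and file metadata; resolving bare file names to System32 is an assumption of the example.

```powershell
# Added example: show what AppInit_DLLs would load and who signed each DLL.
# Read-only: nothing in the registry or on disk is changed.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$cfg = Get-ItemProperty -Path $key

# LoadAppInit_DLLs = 0 means Windows ignores the list entirely.
"LoadAppInit_DLLs : $($cfg.LoadAppInit_DLLs)"
"AppInit_DLLs     : '$($cfg.AppInit_DLLs)'"

# The value is a space- or comma-separated list of DLL names or paths.
$entries = @("$($cfg.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
if ($entries.Count -eq 0) { 'AppInit_DLLs is empty: nothing is injected.' }

foreach ($entry in $entries) {
    # Assumption: a bare file name is looked up in System32.
    $path = $entry
    if (-not (Split-Path -Path $path -IsAbsolute)) {
        $path = Join-Path $env:SystemRoot "System32\$entry"
    }

    if (-not (Test-Path -LiteralPath $path)) {
        "{0} : file not found ({1})" -f $entry, $path
        continue
    }

    # File metadata and Authenticode status for each listed DLL.
    $file = Get-Item -LiteralPath $path -Force
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $signer = '(none)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    New-Object PSObject -Property @{
        Entry     = $entry
        Path      = $file.FullName
        Company   = $file.VersionInfo.CompanyName
        Modified  = $file.LastWriteTime
        SigStatus = $sig.Status
        Signer    = $signer
    } | Format-List Entry, Path, Company, Modified, SigStatus, Signer
}
```

The output gives the helper the file, publisher and signature status behind each entry, which is the information needed to decide whether the value belongs to an installed product.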
 