Slow computer, high CPU, got and cleaned trojan, but...

Solved
By needhelp51
Feb 9, 2012
  1. Hello, recently caught a trojan PUP virus. Cleaned it with antivirus. In following days, experienced very slow computer and high cpu. I have to attempt to open any webpage two or three times before it actually loads, otherwise, I get an error. Might have nothing to do with initial virus,but I suspect I still have malware in my machine. Can someone help? Which scans/logs do I have to perform and post. Thanks in advance.
  2. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Hello, here is MBAM log:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Version de la base de données: v2012.02.09.08

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Toshiba :: TOSHIBA-29519BD [administrateur]

    2012-02-09 23:06:58
    mbam-log-2012-02-09 (23-06-58).txt

    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 167009
    Temps écoulé: 1 heure(s), 34 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    (fin)
  4. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Hello here is GMER log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-10 20:33:05
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1234GSX rev.AH001A
    Running: k9it3vi3.exe; Driver: C:\DOCUME~1\Toshiba\LOCALS~1\Temp\pxxdqkob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB3732FC4]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB5FBC7DE]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB3797510]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB37566A9]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB5FBBD8A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB3735456]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB37354AE]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB5FBC444]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB37355C4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB375605D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB37353AC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB37354FE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB3735400]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB5FBEF64]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB5FBB776]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB3735572]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB3732FE8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB3756D6F]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB3757025]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB3735848]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB3756BDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB3756A45]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB37975C0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB3732DB2]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB5FBC052]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB373300C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB37359BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB3733AA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB3735486]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB37354D6]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB5FBC620]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB37355EE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB37563B9]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB37353D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB3735680]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB373553E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB373542E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB3735764]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB373559C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB3797658]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB37568C0]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB5FBE0A8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB373396A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB3756712]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB379F9E6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB37556D0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB3733030]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB3733054]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB5FBCE30]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB3732E0C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB3732F48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB3756E76]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB3732F24]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB3732F6C]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB5CD0640]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB5FBB97A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB3733078]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB37AB7A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 102 804E495C 16 Bytes [56, 54, 73, B3, AE, 54, 73, ...]
    .text ntoskrnl.exe!ZwYieldExecution + 13E 804E4998 20 Bytes [FE, 54, 73, B3, 00, 54, 73, ...]
    .text ntoskrnl.exe!ZwYieldExecution + 16A 804E49C4 4 Bytes CALL 8501BCF8
    .text ntoskrnl.exe!ZwYieldExecution + 23E 804E4A98 16 Bytes [86, 54, 73, B3, D6, 54, 73, ...] {XCHG [EBX+ESI*2-0x4d], DL; SALC ; PUSH ESP; JAE 0xffffffffffffffbb; AND DH, AL; STI ; MOV CH, 0xee; PUSH EBP; JAE 0xffffffffffffffc3}
    PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP B37AA15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 805766FB 4 Bytes CALL B373400F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9EC 7 Bytes JMP B37AB7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 805AD1E0 5 Bytes JMP B37A869C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8D97380, 0x21641D, 0xE8000020]
    init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB86B9EBF]
    .text win32k.sys!EngSetLastError + 79A8 BF8242D4 5 Bytes JMP B3735B9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85198B 5 Bytes JMP B3735AD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E514 5 Bytes JMP B3735DE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E59F 5 Bytes JMP B3735FBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F812 5 Bytes JMP B3735ABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 4128 BF873F30 5 Bytes JMP B3735F76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 4DEC BF89DBA0 5 Bytes JMP B3735C0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + A9F7 BF8C2130 5 Bytes JMP B3735CA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8CA592 5 Bytes JMP B3735D14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CA812 5 Bytes JMP B3735D4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC297 5 Bytes JMP B37359F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 19DF BF91348A 5 Bytes JMP B3735B56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 25B3 BF91405E 5 Bytes JMP B3735C6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F2C BF9169D7 5 Bytes JMP B37360D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 0089D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [F8, 83]
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 008ABB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 008AB860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 008A7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0089D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008A4F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008A5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 008A3A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 008A4390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003C0804
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003C0A08
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003C0600
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003C01F8
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] USER32.dll!UnhookWinEvent 7E3B18AC 3 Bytes JMP 003C03FC
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] USER32.dll!UnhookWinEvent + 4 7E3B18B0 1 Byte [82]
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 008A8BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 008A8990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 008A9CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[272] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 008A9BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[280] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[280] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\Explorer.EXE[280] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[280] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[280] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[280] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[280] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[280] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[280] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\Explorer.EXE[280] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[280] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[280] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[280] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[280] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\Explorer.EXE[280] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\Explorer.EXE[280] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\Explorer.EXE[280] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\Explorer.EXE[280] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 0098D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [07, 84]
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 0099BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 0099B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00997DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0098D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00994F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00995AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 00993A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 00994390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00451014
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00450804
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00450A08
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00450C0C
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00450E10
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 004501F8
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 004503FC
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00450600
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00460804
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00460A08
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00460600
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 004601F8
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 004603FC
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 00998BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 00998990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00999CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[328] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 00999BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[408] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[512] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[584] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
  5. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Continuing GMER log:

    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[588] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[612] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\smss.exe[896] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[904] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002A0804
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002A0A08
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002A0600
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002A01F8
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002A03FC
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[920] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\RAMASST.exe[964] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RAMASST.exe[964] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\RAMASST.exe[964] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RAMASST.exe[964] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RAMASST.exe[964] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RAMASST.exe[964] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\RAMASST.exe[964] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RAMASST.exe[964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RAMASST.exe[964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RAMASST.exe[964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\RAMASST.exe[964] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\RAMASST.exe[964] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\RAMASST.exe[964] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\RAMASST.exe[964] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\RAMASST.exe[964] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\RAMASST.exe[964] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RAMASST.exe[964] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RAMASST.exe[964] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RAMASST.exe[964] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RAMASST.exe[964] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RAMASST.exe[964] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RAMASST.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\WINDOWS\system32\RAMASST.exe[964] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\WINDOWS\system32\RAMASST.exe[964] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\RAMASST.exe[964] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\RAMASST.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\RAMASST.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\RAMASST.exe[964] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\RAMASST.exe[964] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\RAMASST.exe[964] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\csrss.exe[976] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\csrss.exe[976] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\csrss.exe[976] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[976] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[1028] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000701F8
    .text C:\WINDOWS\system32\winlogon.exe[1028] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[1028] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000703FC
    .text C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\winlogon.exe[1028] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\winlogon.exe[1028] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\winlogon.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\winlogon.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\winlogon.exe[1028] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\winlogon.exe[1028] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\winlogon.exe[1028] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\winlogon.exe[1028] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\winlogon.exe[1028] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\winlogon.exe[1028] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\winlogon.exe[1028] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\winlogon.exe[1028] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\services.exe[1072] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1072] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\services.exe[1072] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1072] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1072] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1072] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[1072] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\services.exe[1072] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1072] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\services.exe[1072] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\services.exe[1072] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\services.exe[1072] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\services.exe[1072] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\services.exe[1072] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1072] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1072] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1072] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1084] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1084] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\lsass.exe[1084] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1084] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1084] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1084] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[1084] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\lsass.exe[1084] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1084] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1084] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1084] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\spoolsv.exe[1088] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\spoolsv.exe[1088] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1088] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1088] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1088] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1088] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\spoolsv.exe[1088] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\spoolsv.exe[1088] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\spoolsv.exe[1088] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\spoolsv.exe[1088] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 00A8D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [17, 84]
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 00A9BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 00A9B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
  6. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Continuing gmer log:

    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00A97DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 00A8D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A94F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A95AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 00A93A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 00A94390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 00A98BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 00A98990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00A99CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[1208] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 00A99BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 0099D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [08, 84]
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 009ABB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 009AB860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 009A7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0099D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009A4F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009A5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 009A3A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 009A4390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 009A8BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 009A8990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 009A9CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 009A9BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1248] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[1256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[1256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1256] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\ctfmon.exe[1256] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\ctfmon.exe[1256] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\ctfmon.exe[1256] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\ctfmon.exe[1256] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\ctfmon.exe[1256] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1256] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[1256] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[1256] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[1256] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1304] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1424] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
  7. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Continuing gmer log:

    .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1424] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1424] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1424] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1424] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1492] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1492] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1492] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1492] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1492] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1492] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1492] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1492] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1492] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1492] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1492] rpcss.dll!WhichService 76874234 8 Bytes JMP ED501001
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 00530250 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00549CD0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
    .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1560] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1560] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1560] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1560] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1560] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1640] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1696] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\wscntfy.exe[1892] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[1892] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\wscntfy.exe[1892] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[1892] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[1892] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[1892] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\wscntfy.exe[1892] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[1892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[1892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[1892] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\wscntfy.exe[1892] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[1892] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[1892] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[1892] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[1892] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[1892] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1908] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1908] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1908] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1908] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1908] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1908] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1908] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1908] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1908] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1960] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1960] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1960] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1960] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1960] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1960] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1960] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1960] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1960] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1960] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1960] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1960] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1960] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1960] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1960] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1960] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1960] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1960] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1960] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1960] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1960] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1960] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
  8. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Continuing gmer log:

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 1002AE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 1002AE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 1002A430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 1002A3E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 1002ADE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 1002A6F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 1002A480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ntdll.dll!LdrGetProcedureAddress 7C927CF0 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002ACC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002AA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9]
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] SHELL32.dll!ShellExecuteExW 7CA198CB 5 Bytes JMP 1002A940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] SHELL32.dll!ShellExecuteEx 7CA50E45 5 Bytes JMP 1002A960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] SHELL32.dll!ShellExecuteA 7CA51170 5 Bytes JMP 1002A9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2024] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 1002A980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[2036] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2036] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2036] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2036] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2160] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 0098D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [07, 84]
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 0099BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 0099B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00997DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0098D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00994F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00995AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 00993A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 00994390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 00998BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 00998990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00999CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2200] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 00999BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 0068D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [D7, 83]
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 0069BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 0069B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00697DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0068D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00694F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00695AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 00693A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 3 Bytes JMP 00694390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ADVAPI32.dll!CreateProcessAsUserA + 4 77DE0CEC 1 Byte [88]
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 00698BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 00698990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00699CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 00699BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003C0804
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003C0A08
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003C0600
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003C01F8
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] USER32.dll!UnhookWinEvent 7E3B18AC 3 Bytes JMP 003C03FC
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2216] USER32.dll!UnhookWinEvent + 4 7E3B18B0 1 Byte [82]
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
  9. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Continuing of gmer log:

    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\DVDRAMSV.exe[2272] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\nvsvc32.exe[2320] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2344] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[2396] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2396] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2396] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2396] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 0442D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [B1, 87] {MOV CL, 0x87}
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 0443BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 0443B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 04437DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0442D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 04434F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 04435AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 03EF0804
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 03EF0A08
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 03EF0600
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 03EF01F8
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 03EF03FC
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 04438BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 04438990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 04439CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 04439BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 04433A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 04434390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 03F01014
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 03F00804
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 03F00A08
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 03F00C0C
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 03F00E10
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 03F001F8
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 03F003FC
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2680] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 03F00600
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00371014
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00370804
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00370A08
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00370C0C
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00370E10
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003701F8
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003703FC
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00370600
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\System32\alg.exe[2932] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2932] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\System32\alg.exe[2932] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2932] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2932] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2932] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2932] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2932] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\alg.exe[2932] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\alg.exe[2932] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\alg.exe[2932] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\alg.exe[2932] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\alg.exe[2932] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2932] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2932] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2932] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2932] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2932] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[2932] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\System32\alg.exe[2932] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\alg.exe[2932] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\alg.exe[2932] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\System32\alg.exe[2932] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\System32\alg.exe[2932] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[2932] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[2932] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe[3232] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
  10. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Ending of gmer log:

    C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4008] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F742D750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F742D820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F742D7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F742D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F742D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F742D820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F742D750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F742D7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F742D7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F742D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F742D820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F742D750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F742D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F742D7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F742D750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F742D820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F742D750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F742D820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F742D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F742D7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F742D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F742D820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F742D750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F742D750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F742D820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F742D7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F742D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F742D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F742D7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F742D750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F742D820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[1072] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
    IAT C:\WINDOWS\system32\services.exe[1072] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Cdfs \Cdfs B9E52400
    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    ---- Processes - GMER 1.0.15 ----

    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [544] 0x03880000



    ---- EOF - GMER 1.0.15 ----
  11. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    dds log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Toshiba at 21:05:10 on 2012-02-10
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.3070.2356 [GMT -5:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [LaunchApp] launchapp
    mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [SmoothView] c:\program files\toshiba\utilitaire de zoom toshiba\SmoothView.exe
    mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang FR
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [CFSServ.exe] CFSServ.exe -NoClient
    mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\toshiba\menudm~1\progra~1\dmarra~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\ramasst.lnk - c:\windows\system32\RAMASST.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1325644805328
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1325984729437
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-1-4 17904]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-5 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-5 314456]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-12-19 494968]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 31704]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2012-1-4 3025112]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-5 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-5 44768]
    R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-12-19 1960584]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]
    R3 NETwLx32; Pilote de carte de la série Intel(R) Wireless WiFi Link 5000 pour Windows XP 32 bits ;c:\windows\system32\drivers\NETwLx32.sys [2012-1-5 6609920]
    R3 pxxdqkob;pxxdqkob;\??\c:\docume~1\toshiba\locals~1\temp\pxxdqkob.sys --> c:\docume~1\toshiba\locals~1\temp\pxxdqkob.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-1-4 51632]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-02-10 00:47:20 388096 ----a-r- c:\documents and settings\toshiba\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-02-10 00:47:14 -------- d-----w- c:\program files\Trend Micro
    2012-02-10 00:43:15 -------- d-----w- c:\documents and settings\toshiba\application data\GetRightToGo
    2012-02-10 00:38:45 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
    2012-02-10 00:03:51 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-02-10 00:03:51 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-02-09 02:05:58 -------- d--h--w- C:\VritualRoot
    2012-02-05 14:45:21 -------- d-----w- c:\documents and settings\toshiba\local settings\application data\Comodo
    2012-02-05 01:46:50 -------- d-----w- c:\documents and settings\toshiba\local settings\application data\Temp
    2012-02-04 14:51:44 -------- d-----w- c:\documents and settings\toshiba\application data\Intuit Canada
    2012-02-04 14:51:35 -------- d-----w- c:\documents and settings\all users\application data\Intuit Canada
    2012-01-23 02:01:50 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2012-01-23 02:01:49 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2012-01-23 02:01:49 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2012-01-23 02:01:48 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2012-01-17 04:41:15 -------- d-----w- c:\documents and settings\toshiba\local settings\application data\MetaGeek,_LLC
    2012-01-16 00:12:12 -------- d-----w- c:\program files\MetaGeek
    2012-01-14 15:57:16 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2012-01-14 15:50:10 -------- d-----w- c:\program files\Lavasoft
    2012-01-14 15:01:31 -------- d-----w- c:\documents and settings\toshiba\application data\WinPatrol
    .
    ==================== Find3M ====================
    .
    2012-02-08 23:45:16 26624 ----a-w- c:\windows\system32\userinit.exe
    2012-01-17 21:00:48 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2012-01-05 02:50:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-04 03:56:17 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2012-01-04 01:36:54 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-12-19 23:59:22 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-12-19 23:59:20 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-12-19 23:58:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-12-19 23:58:56 301224 ----a-w- c:\windows\system32\guard32.dll
    2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-25 21:57:09 293888 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 14:40:17 1859712 ----a-w- c:\windows\system32\win32k.sys
    2011-11-20 06:12:29 61952 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:22:22 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:22:22 152064 ----a-w- c:\windows\system32\schannel.dll
    .
    ============= FINISH: 21:06:36,81 ===============
     
  12. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Attach log (is in french, hope ok for you, any question, please ask)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Édition familiale
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2012-01-03 20:37:37
    System Uptime: 2012-02-10 18:49:07 (3 hours ago)
    .
    Motherboard: TOSHIBA | | Satellite P100
    Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | U2E1 | 1839/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 55,47 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 2012-02-07 18:49:47 - Point de vérification système
    RP2: 2012-02-08 20:27:41 - Point de vérification système
    RP3: 2012-02-08 22:42:36 - Avant GMER
    RP4: 2012-02-09 18:58:43 - Opération de restauration
    RP5: 2012-02-09 19:47:13 - Installed HiJackThis
    RP6: 2012-02-09 20:33:54 - Removed Ad-Aware
    RP7: 2012-02-09 21:54:15 - Installed Ad-Aware
    RP8: 2012-02-09 21:56:06 - Installed Ad-Aware
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Ad-Aware
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.2) - Français
    Assist TOSHIBA
    Assistant de connexion Windows Live
    avast! Free Antivirus
    CCleaner
    Comodo Dragon
    COMODO GeekBuddy
    COMODO Internet Security
    Conexant HD Audio
    Correctif pour Lecteur Windows Media 11 (KB939683)
    Correctif pour Windows XP (KB2633952)
    Correctif pour Windows XP (KB952287)
    Correctif pour Windows XP (KB961118)
    Correctif pour Windows XP (KB981793)
    Emsisoft Anti-Malware
    HDAUDIO Soft Data Fax Modem with SmartCP
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB954550-v5)
    inSSIDer 2.0
    Installation Windows Live
    Intel(R) PRO Network Connections Drivers
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    J2SE Runtime Environment 5.0 Update 4
    Lecteur Windows Media*11
    Logiciel Intel(R) PROSet/Wireless
    Malwarebytes Anti-Malware version 1.60.1.1000
    mCore
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 French Language Pack
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile FRA Language Pack
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mise à jour de sécurité pour Lecteur Windows Media (KB2378111)
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
    Mise à jour de sécurité pour Lecteur Windows Media (KB954155)
    Mise à jour de sécurité pour Lecteur Windows Media (KB973540)
    Mise à jour de sécurité pour Lecteur Windows Media (KB975558)
    Mise à jour de sécurité pour Lecteur Windows Media (KB978695)
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
    Mise à jour de sécurité pour Microsoft Windows (KB2564958)
    Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)
    Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)
    Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2510531)
    Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2544521)
    Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2618444)
    Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)
    Mise à jour de sécurité pour Windows XP (KB2079403)
    Mise à jour de sécurité pour Windows XP (KB2115168)
    Mise à jour de sécurité pour Windows XP (KB2229593)
    Mise à jour de sécurité pour Windows XP (KB2296011)
    Mise à jour de sécurité pour Windows XP (KB2347290)
    Mise à jour de sécurité pour Windows XP (KB2360937)
    Mise à jour de sécurité pour Windows XP (KB2387149)
    Mise à jour de sécurité pour Windows XP (KB2393802)
    Mise à jour de sécurité pour Windows XP (KB2412687)
    Mise à jour de sécurité pour Windows XP (KB2419632)
    Mise à jour de sécurité pour Windows XP (KB2423089)
    Mise à jour de sécurité pour Windows XP (KB2440591)
    Mise à jour de sécurité pour Windows XP (KB2443105)
    Mise à jour de sécurité pour Windows XP (KB2476490)
    Mise à jour de sécurité pour Windows XP (KB2478960)
    Mise à jour de sécurité pour Windows XP (KB2478971)
    Mise à jour de sécurité pour Windows XP (KB2479943)
    Mise à jour de sécurité pour Windows XP (KB2481109)
    Mise à jour de sécurité pour Windows XP (KB2483185)
    Mise à jour de sécurité pour Windows XP (KB2485663)
    Mise à jour de sécurité pour Windows XP (KB2506212)
    Mise à jour de sécurité pour Windows XP (KB2507618)
    Mise à jour de sécurité pour Windows XP (KB2507938)
    Mise à jour de sécurité pour Windows XP (KB2508429)
    Mise à jour de sécurité pour Windows XP (KB2509553)
    Mise à jour de sécurité pour Windows XP (KB2535512)
    Mise à jour de sécurité pour Windows XP (KB2536276-v2)
    Mise à jour de sécurité pour Windows XP (KB2544893-v2)
    Mise à jour de sécurité pour Windows XP (KB2566454)
    Mise à jour de sécurité pour Windows XP (KB2567680)
    Mise à jour de sécurité pour Windows XP (KB2570222)
    Mise à jour de sécurité pour Windows XP (KB2570947)
    Mise à jour de sécurité pour Windows XP (KB2584146)
    Mise à jour de sécurité pour Windows XP (KB2585542)
    Mise à jour de sécurité pour Windows XP (KB2592799)
    Mise à jour de sécurité pour Windows XP (KB2598479)
    Mise à jour de sécurité pour Windows XP (KB2603381)
    Mise à jour de sécurité pour Windows XP (KB2618451)
    Mise à jour de sécurité pour Windows XP (KB2619339)
    Mise à jour de sécurité pour Windows XP (KB2620712)
    Mise à jour de sécurité pour Windows XP (KB2624667)
    Mise à jour de sécurité pour Windows XP (KB2631813)
    Mise à jour de sécurité pour Windows XP (KB2633171)
    Mise à jour de sécurité pour Windows XP (KB2639417)
    Mise à jour de sécurité pour Windows XP (KB2646524)
    Mise à jour de sécurité pour Windows XP (KB923561)
    Mise à jour de sécurité pour Windows XP (KB923789)
    Mise à jour de sécurité pour Windows XP (KB941569)
    Mise à jour de sécurité pour Windows XP (KB946648)
    Mise à jour de sécurité pour Windows XP (KB950762)
    Mise à jour de sécurité pour Windows XP (KB950974)
    Mise à jour de sécurité pour Windows XP (KB951376-v2)
    Mise à jour de sécurité pour Windows XP (KB951748)
    Mise à jour de sécurité pour Windows XP (KB952004)
    Mise à jour de sécurité pour Windows XP (KB952954)
    Mise à jour de sécurité pour Windows XP (KB955069)
    Mise à jour de sécurité pour Windows XP (KB956572)
    Mise à jour de sécurité pour Windows XP (KB956744)
    Mise à jour de sécurité pour Windows XP (KB956802)
    Mise à jour de sécurité pour Windows XP (KB956803)
    Mise à jour de sécurité pour Windows XP (KB956844)
    Mise à jour de sécurité pour Windows XP (KB958644)
    Mise à jour de sécurité pour Windows XP (KB958869)
    Mise à jour de sécurité pour Windows XP (KB959426)
    Mise à jour de sécurité pour Windows XP (KB960225)
    Mise à jour de sécurité pour Windows XP (KB960803)
    Mise à jour de sécurité pour Windows XP (KB960859)
    Mise à jour de sécurité pour Windows XP (KB961501)
    Mise à jour de sécurité pour Windows XP (KB969059)
    Mise à jour de sécurité pour Windows XP (KB970238)
    Mise à jour de sécurité pour Windows XP (KB970430)
    Mise à jour de sécurité pour Windows XP (KB971468)
    Mise à jour de sécurité pour Windows XP (KB971657)
    Mise à jour de sécurité pour Windows XP (KB972270)
    Mise à jour de sécurité pour Windows XP (KB973507)
    Mise à jour de sécurité pour Windows XP (KB973869)
    Mise à jour de sécurité pour Windows XP (KB973904)
    Mise à jour de sécurité pour Windows XP (KB974112)
    Mise à jour de sécurité pour Windows XP (KB974318)
    Mise à jour de sécurité pour Windows XP (KB974392)
    Mise à jour de sécurité pour Windows XP (KB974571)
    Mise à jour de sécurité pour Windows XP (KB975025)
    Mise à jour de sécurité pour Windows XP (KB975467)
    Mise à jour de sécurité pour Windows XP (KB975560)
    Mise à jour de sécurité pour Windows XP (KB975561)
    Mise à jour de sécurité pour Windows XP (KB975562)
    Mise à jour de sécurité pour Windows XP (KB975713)
    Mise à jour de sécurité pour Windows XP (KB977816)
    Mise à jour de sécurité pour Windows XP (KB977914)
    Mise à jour de sécurité pour Windows XP (KB978037)
    Mise à jour de sécurité pour Windows XP (KB978338)
    Mise à jour de sécurité pour Windows XP (KB978542)
    Mise à jour de sécurité pour Windows XP (KB978601)
    Mise à jour de sécurité pour Windows XP (KB978706)
    Mise à jour de sécurité pour Windows XP (KB979309)
    Mise à jour de sécurité pour Windows XP (KB979482)
    Mise à jour de sécurité pour Windows XP (KB979559)
    Mise à jour de sécurité pour Windows XP (KB979683)
    Mise à jour de sécurité pour Windows XP (KB979687)
    Mise à jour de sécurité pour Windows XP (KB980195)
    Mise à jour de sécurité pour Windows XP (KB980218)
    Mise à jour de sécurité pour Windows XP (KB980232)
    Mise à jour de sécurité pour Windows XP (KB980436)
    Mise à jour de sécurité pour Windows XP (KB981322)
    Mise à jour de sécurité pour Windows XP (KB981997)
    Mise à jour de sécurité pour Windows XP (KB982132)
    Mise à jour de sécurité pour Windows XP (KB982381)
    Mise à jour de sécurité pour Windows XP (KB982665)
    Mise à jour pour Windows Internet Explorer 8 (KB2598845)
    Mise à jour pour Windows Internet Explorer 8 (KB2632503)
    Mise à jour pour Windows XP (KB2345886)
    Mise à jour pour Windows XP (KB2467659)
    Mise à jour pour Windows XP (KB2492386)
    Mise à jour pour Windows XP (KB2541763)
    Mise à jour pour Windows XP (KB2641690)
    Mise à jour pour Windows XP (KB951978)
    Mise à jour pour Windows XP (KB955759)
    Mise à jour pour Windows XP (KB961503)
    Mise à jour pour Windows XP (KB967715)
    Mise à jour pour Windows XP (KB968389)
    Mise à jour pour Windows XP (KB971029)
    Mise à jour pour Windows XP (KB971737)
    Mise à jour pour Windows XP (KB973687)
    Mise à jour pour Windows XP (KB973815)
    mIWA
    mLogView
    mMHouse
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra
    Module linguistique Microsoft .NET Framework 4 Client Profile FRA
    mPfMgr
    mPfWiz
    mProSafe
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    mZConfig
    NVIDIA Drivers
    OpenOffice.org 3.3
    Outil de diagnostic PC TOSHIBA
    Outil de téléchargement Windows Live
    Pilote du DVD-RAM
    Réducteur de bruit lect. CD/DVD
    SD Secure Module
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
    Segoe UI
    Sonic DLA
    Sonic RecordNow!
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA ConfigFree
    Toshiba Controls Utility
    Toshiba Hotkey Utility
    Toshiba Tbiosdrv Driver
    Toshiba Touchpad Utility
    Toshiba Utility
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Utilitaire de zoom TOSHIBA
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack*3
    XML Paper Specification Shared Components Language Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2012-02-10 20:40:22, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-10 20:35:52, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-10 20:35:07, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-10 19:25:40, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-10 19:25:31, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-10 19:23:14, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-10 19:12:28, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-10 19:12:24, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-10 19:06:33, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-10 19:04:40, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-10 19:03:22, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-09 23:43:53, error: Service Control Manager [7034] - Le service Lavasoft Ad-Aware Service s'est terminé de façon inattendue pour la 1ème fois.
    2012-02-09 21:02:55, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-09 20:39:04, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-09 20:35:22, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:22, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:22, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:22, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:22, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:21, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:21, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:21, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:21, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:21, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:21, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:21, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:21, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:21, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:20, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:20, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:20, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:20, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:20, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:20, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:20, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:20, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:19, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:19, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:19, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:19, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:19, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:19, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:19, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:19, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:19, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:18, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:18, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:18, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:18, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:18, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:18, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:18, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:18, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:18, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:17, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:17, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:17, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:17, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:17, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:17, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:17, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:17, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:17, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:16, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:16, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:16, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:16, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:16, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:16, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:16, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:16, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:15, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:15, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:15, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:15, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:15, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:15, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:15, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:15, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:15, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:14, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:14, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:14, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:14, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:14, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:14, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:14, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:14, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:14, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:13, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:13, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:13, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:13, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:13, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:13, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:13, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:13, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:13, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:12, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:12, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:12, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:12, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:12, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:12, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:12, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:12, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:11, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:11, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:11, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:11, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:11, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:11, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:11, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:11, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 20:35:11, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-09 19:50:28, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-09 19:50:06, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-09 19:49:52, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-09 19:49:01, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-09 19:34:39, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-09 19:32:15, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-09 19:27:03, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-09 19:17:07, error: Service Control Manager [7034] - Le service Lavasoft Ad-Aware Service s'est terminé de façon inattendue pour la 1ème fois.
    2012-02-08 23:10:41, error: Service Control Manager [7034] - Le service Lavasoft Ad-Aware Service s'est terminé de façon inattendue pour la 1ème fois.
    2012-02-08 21:30:23, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-08 21:29:10, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-08 21:28:27, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-08 21:26:19, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-08 21:25:35, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-08 21:25:35, error: atapi [11] - Le pilote a détecté une erreur du contrôleur sur \Device\Ide\IdePort0.
    2012-02-08 21:25:33, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-08 21:25:19, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-08 21:19:53, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-08 21:15:21, error: atapi [9] - Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
    2012-02-08 21:06:00, error: Service Control Manager [7000] - Le service pxxdqkob n'a pas pu démarrer en raison de l'erreur*: Le fichier spécifié est introuvable.
    2012-02-07 18:53:55, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2012-02-07 18:52:45, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2012-02-07 18:52:02, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger*: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    2012-02-07 18:52:02, error: Service Control Manager [7001] - Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas pu démarrer en raison de l'erreur*: Un périphérique attaché au système ne fonctionne pas correctement.
    2012-02-07 18:52:02, error: Service Control Manager [7001] - Le service Client DNS dépend du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur*: Un périphérique attaché au système ne fonctionne pas correctement.
    2012-02-07 18:52:02, error: Service Control Manager [7001] - Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a pas pu démarrer en raison de l'erreur*: Un périphérique attaché au système ne fonctionne pas correctement.
    2012-02-07 18:52:02, error: Service Control Manager [7001] - Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a pas pu démarrer en raison de l'erreur*: Un périphérique attaché au système ne fonctionne pas correctement.
    2012-02-07 17:54:47, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2012-02-07 17:52:42, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2012-02-07 17:52:28, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger*: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    2012-02-07 17:52:28, error: Service Control Manager [7001] - Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas pu démarrer en raison de l'erreur*: Un périphérique attaché au système ne fonctionne pas correctement.
    2012-02-07 17:52:28, error: Service Control Manager [7001] - Le service Client DNS dépend du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur*: Un périphérique attaché au système ne fonctionne pas correctement.
    2012-02-07 17:52:28, error: Service Control Manager [7001] - Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a pas pu démarrer en raison de l'erreur*: Un périphérique attaché au système ne fonctionne pas correctement.
    2012-02-07 17:52:28, error: Service Control Manager [7001] - Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a pas pu démarrer en raison de l'erreur*: Un périphérique attaché au système ne fonctionne pas correctement.
    2012-02-06 23:04:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-06 23:04:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-06 23:04:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-06 23:04:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-06 23:04:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-06 23:04:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-06 23:04:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-06 23:04:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-06 23:04:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-06 23:04:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-06 23:04:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-06 23:04:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-06 23:04:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-06 23:04:02, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-06 23:04:02, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-06 23:04:01, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:05, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:04, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:04, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:04, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:04, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:04, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:04, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:04, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:04, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:04, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:03, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:02, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:02, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:02, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:02, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:02, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:02, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:02, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:02, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:02, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:01, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:01, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:01, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:01, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:01, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:01, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:01, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:01, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:01, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:00, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:00, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:00, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:00, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:00, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:00, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:00, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:00, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:32:00, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:59, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:59, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:59, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:59, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:59, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:59, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:59, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:59, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:59, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:58, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:58, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:58, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:58, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:58, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:58, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:58, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:58, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:58, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
  13. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Continuing attach log:

    2012-02-03 22:31:57, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:57, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:57, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:57, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:57, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:57, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:57, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:57, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:57, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:56, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:56, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:56, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:56, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:56, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:56, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:56, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:56, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:56, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:55, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:55, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:55, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:55, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:55, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:55, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:55, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:55, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:55, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:55, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:54, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:54, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:54, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:54, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:54, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:54, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:54, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    2012-02-03 22:31:54, error: Service Control Manager [7023] - Le service Gestion d'applications s'est arrêté avec l'erreur*: Le module spécifié est introuvable.
    .
    ==== End Of File ===========================
  14. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  15. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Comodo Alert Defense + gave me high warning when executing aswmbr, but I suppose his is normal? I'll do the scan and come back with the results.

    Thanks.
  16. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Yes, all those programs are surely safe.
  17. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    AswMBR log:

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-11 09:21:05
    -----------------------------
    09:21:05.022 OS Version: Windows 5.1.2600 Service Pack 3
    09:21:05.022 Number of processors: 2 586 0xE08
    09:21:05.022 ComputerName: TOSHIBA-29519BD UserName: Toshiba
    09:23:10.147 Initialize success
    09:23:10.272 AVAST engine defs: 12021100
    09:23:40.584 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    09:23:40.584 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001A Size: 114473MB BusType: 3
    09:23:40.616 Disk 0 MBR read successfully
    09:23:40.616 Disk 0 MBR scan
    09:23:40.616 Disk 0 Windows XP default MBR code
    09:23:40.631 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114470 MB offset 63
    09:23:40.647 Disk 0 scanning sectors +234436545
    09:23:40.772 Disk 0 scanning C:\WINDOWS\system32\drivers
    09:24:55.287 Service scanning
    09:25:00.881 Modules scanning
    09:25:29.006 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
    09:25:32.225 Disk 0 trace - called modules:
    09:25:32.241 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    09:25:32.256 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfc8d5ab8]
    09:25:32.256 3 CLASSPNP.SYS[f62e8fd7] -> nt!IofCallDriver -> \Device\0000007e[0xfc94b9e8]
    09:25:32.256 5 ACPI.sys[f623e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0xfc933d98]
    09:25:34.912 AVAST engine scan C:\
    09:25:45.756 File: C:\Connect\fscommand\AOL\comps\rp\rp9codec.exe **INFECTED** Win32:Hrupka-D [Cryp]
    12:00:21.944 Scan finished successfully
    12:01:10.584 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Toshiba\Bureau\MBR.dat"
    12:01:10.616 The log file has been saved successfully to "C:\Documents and Settings\Toshiba\Bureau\06aswMBR.txt"
  18. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    bootkit remover log:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
  19. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  20. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Hello here is the combofix log:

    ComboFix 12-02-11.02 - Toshiba 2012-02-11 14:07:31.1.2 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.3070.2357 [GMT -5:00]
    Lancé depuis: c:\documents and settings\Toshiba\Bureau\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-01-11 au 2012-02-11 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-02-10 00:47 . 2012-02-10 00:47 388096 ----a-r- c:\documents and settings\Toshiba\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-10 00:47 . 2012-02-10 00:47 -------- d-----w- c:\program files\Trend Micro
    2012-02-10 00:43 . 2012-02-10 00:43 -------- d-----w- c:\documents and settings\Toshiba\Application Data\GetRightToGo
    2012-02-10 00:38 . 2010-01-10 23:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
    2012-02-10 00:03 . 2012-02-10 00:03 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-02-09 02:05 . 2012-02-09 02:05 -------- d-----w- C:\VritualRoot
    2012-02-05 14:45 . 2012-02-05 14:45 -------- d-----w- c:\documents and settings\Toshiba\Local Settings\Application Data\Comodo
    2012-02-05 01:46 . 2012-02-05 01:46 -------- d-----w- c:\documents and settings\Toshiba\Local Settings\Application Data\Temp
    2012-02-04 19:40 . 2012-02-04 19:40 -------- d-----w- c:\program files\7-Zip
    2012-02-04 17:10 . 2012-02-04 17:10 -------- d-----w- c:\program files\Fichiers communs\Adobe
    2012-02-04 14:51 . 2012-02-04 21:16 -------- d-----w- c:\documents and settings\Toshiba\Application Data\Intuit Canada
    2012-02-04 14:51 . 2012-02-04 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit Canada
    2012-02-03 03:19 . 2012-02-03 03:19 -------- d-----w- c:\documents and settings\LocalService\Bureau
    2012-01-31 02:55 . 2012-01-31 02:55 -------- d-----w- c:\documents and settings\Toshiba\Application Data\Sonic
    2012-01-23 02:01 . 2001-08-23 22:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2012-01-23 02:01 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2012-01-23 02:01 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2012-01-23 02:01 . 2008-04-14 02:33 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2012-01-17 04:41 . 2012-01-17 04:41 -------- d-----w- c:\documents and settings\Toshiba\Local Settings\Application Data\MetaGeek,_LLC
    2012-01-16 00:12 . 2012-01-16 00:12 -------- d-----w- c:\program files\MetaGeek
    2012-01-14 15:57 . 2012-01-14 15:57 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2012-01-14 15:50 . 2012-02-10 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2012-01-14 15:50 . 2012-01-14 15:50 -------- d-----w- c:\program files\Lavasoft
    2012-01-14 15:01 . 2012-01-14 15:01 -------- d-----w- c:\documents and settings\Toshiba\Application Data\WinPatrol
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-08 23:45 . 2006-01-18 11:04 26624 ----a-w- c:\windows\system32\userinit.exe
    2012-01-17 21:00 . 2011-12-19 23:59 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2012-01-05 02:50 . 2012-01-05 02:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-04 03:56 . 2012-01-04 03:56 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2012-01-04 01:36 . 2012-01-04 01:36 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-12-19 23:59 . 2011-12-19 23:59 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-12-19 23:59 . 2011-12-19 23:59 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-12-19 23:59 . 2011-12-19 23:59 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-12-19 23:58 . 2011-12-19 23:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-12-19 23:58 . 2011-12-19 23:58 301224 ----a-w- c:\windows\system32\guard32.dll
    2011-12-10 20:24 . 2012-01-12 01:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-28 18:01 . 2012-01-06 02:34 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2012-01-06 02:34 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:53 . 2012-01-06 02:35 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2012-01-06 02:35 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:52 . 2012-01-06 02:35 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2012-01-06 02:35 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2012-01-06 02:35 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-11-28 17:51 . 2012-01-06 02:35 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-11-28 17:51 . 2012-01-06 02:35 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-28 17:48 . 2012-01-06 02:35 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-11-25 21:57 . 2006-01-18 11:04 293888 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 14:40 . 2006-01-18 11:04 1859712 ----a-w- c:\windows\system32\win32k.sys
    2011-11-20 06:12 . 2006-01-18 11:03 61952 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:22 . 2006-01-18 11:04 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:22 . 2006-01-18 11:04 152064 ----a-w- c:\windows\system32\schannel.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-04 4617600]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="launchapp" [X]
    "CFSServ.exe"="CFSServ.exe -NoClient" [X]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-28 61952]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
    "SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
    "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-05 1589248]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-15 761945]
    "nwiz"="nwiz.exe" [2005-12-15 1519616]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7331840]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Toshiba\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\Toshiba\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\Toshiba\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-1-18 155648]
    .
    c:\documents and settings\Toshiba\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO]
    2011-11-23 10:27 208184 ----a-w- c:\program files\Comodo\COMODO GeekBuddy\CLPSLA.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPA]
    2011-11-23 10:27 182584 ----a-w- c:\program files\Comodo\COMODO GeekBuddy\VALA.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    .
    R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2012-01-04 17904]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-01-05 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-01-05 314456]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-12-19 494968]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 31704]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2011-07-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [2011-08-11 116608]
    R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-01-04 3025112]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-01-05 20568]
    R2 CLPSLS;COMODO livePCsupport Service;c:\program files\Comodo\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
    R3 NETwLx32; Pilote de carte de la série Intel(R) Wireless WiFi Link 5000 pour Windows XP 32 bits ;c:\windows\system32\drivers\NETwLx32.sys [2012-01-05 6609920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [2012-01-04 51632]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [2011-12-23 15232]
    S3 pxxdqkob;pxxdqkob;\??\c:\docume~1\Toshiba\LOCALS~1\Temp\pxxdqkob.sys --> c:\docume~1\Toshiba\LOCALS~1\Temp\pxxdqkob.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-02-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 03:12]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.ca/
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-11 14:18
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1036)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    - - - - - - - > 'lsass.exe'(1092)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'explorer.exe'(2988)
    c:\windows\system32\guard32.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\eappprxy.dll
    c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
    c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
    .
    - - - - - - - > 'csrss.exe'(1000)
    c:\windows\system32\cmdcsr.dll
    .
    Heure de fin: 2012-02-11 14:25:09
    ComboFix-quarantined-files.txt 2012-02-11 19:25
    .
    Avant-CF: 59 221 544 960 octets libres
    Après-CF: 59 216 261 120 octets libres
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale 3GB" /noexecute=optin /3GB /fastdetect
    .
    - - End Of File - - 99BD89C88A5C2FD7A23A4A50AE1ABA01
  21. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Two weird things have happened upon machine restart, following combofix:

    1- Internet Explorer was no longer defined as my default browser
    2- My Intelp Pro Wireless card icon in the system tray has changed appearance, and a message states that it is managed by windows and no longer by intel.

    Are these things normal?

    Thanks
  22. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\docume~1\Toshiba\LOCALS~1\Temp\pxxdqkob.sys
    
    Folder::
    
    Driver::
    pxxdqkob
    
    Registry::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  23. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Executed the combofix again, however, on reboot I was not present and antivirus and Comodo, everything were restarted, went crazy. (catchme.dll, global hooks, etc.). Here is the log:

    ComboFix 12-02-11.02 - Toshiba 2012-02-11 15:32:38.2.2 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.3070.2349 [GMT -5:00]
    Lancé depuis: C:\Documents and Settings\Toshiba\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\Toshiba\Bureau\cfscript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    FILE ::
    "c:\docume~1\Toshiba\LOCALS~1\Temp\pxxdqkob.sys"


    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))



    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_PXXDQKOB
    -------\Service_pxxdqkob


    ((((((((((((((((((((((((((((( Fichiers créés du 2012-01-11 au 2012-02-11 ))))))))))))))))))))))))))))))))))))


    2012-02-10 00:47:20 . 2012-02-10 00:47:20 388096 ----a-r- C:\Documents and Settings\Toshiba\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-10 00:47:14 . 2012-02-10 00:47:14 -------- d-----w- C:\Program Files\Trend Micro
    2012-02-10 00:43:15 . 2012-02-10 00:43:37 -------- d-----w- C:\Documents and Settings\Toshiba\Application Data\GetRightToGo
    2012-02-10 00:38:45 . 2010-01-10 23:40:12 118784 ----a-w- C:\WINDOWS\system32\MSSTDFMT.DLL
    2012-02-10 00:03:51 . 2012-02-10 00:03:51 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
    2012-02-09 02:05:58 . 2012-02-09 02:05:59 -------- d-----w- C:\VritualRoot
    2012-02-05 14:45:21 . 2012-02-05 14:45:21 -------- d-----w- C:\Documents and Settings\Toshiba\Local Settings\Application Data\Comodo
    2012-02-05 01:46:50 . 2012-02-05 01:46:50 -------- d-----w- C:\Documents and Settings\Toshiba\Local Settings\Application Data\Temp
    2012-02-04 19:40:03 . 2012-02-04 19:40:04 -------- d-----w- C:\Program Files\7-Zip
    2012-02-04 17:10:06 . 2012-02-04 17:10:40 -------- d-----w- C:\Program Files\Fichiers communs\Adobe
    2012-02-04 14:51:44 . 2012-02-04 21:16:51 -------- d-----w- C:\Documents and Settings\Toshiba\Application Data\Intuit Canada
    2012-02-04 14:51:35 . 2012-02-04 21:16:02 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Intuit Canada
    2012-02-03 03:19:37 . 2012-02-03 03:19:37 -------- d-----w- C:\Documents and Settings\LocalService\Bureau
    2012-01-31 02:55:58 . 2012-01-31 02:55:58 -------- d-----w- C:\Documents and Settings\Toshiba\Application Data\Sonic
    2012-01-23 02:01:50 . 2001-08-23 22:47:16 5632 ----a-w- C:\WINDOWS\system32\ptpusb.dll
    2012-01-23 02:01:49 . 2008-04-13 18:45:34 15104 -c--a-w- C:\WINDOWS\system32\dllcache\usbscan.sys
    2012-01-23 02:01:49 . 2008-04-13 18:45:34 15104 ----a-w- C:\WINDOWS\system32\drivers\usbscan.sys
    2012-01-23 02:01:48 . 2008-04-14 02:33:40 159232 ----a-w- C:\WINDOWS\system32\ptpusd.dll
    2012-01-17 04:41:15 . 2012-01-17 04:41:15 -------- d-----w- C:\Documents and Settings\Toshiba\Local Settings\Application Data\MetaGeek,_LLC
    2012-01-16 00:12:12 . 2012-01-16 00:12:12 -------- d-----w- C:\Program Files\MetaGeek
    2012-01-14 15:57:16 . 2012-01-14 15:57:03 101720 ----a-w- C:\WINDOWS\system32\drivers\SBREDrv.sys
    2012-01-14 15:50:10 . 2012-02-10 02:56:19 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2012-01-14 15:50:10 . 2012-01-14 15:50:10 -------- d-----w- C:\Program Files\Lavasoft
    2012-01-14 15:01:31 . 2012-01-14 15:01:31 -------- d-----w- C:\Documents and Settings\Toshiba\Application Data\WinPatrol
    .


    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

    2012-02-08 23:45:16 . 2006-01-18 11:04:06 26624 ----a-w- C:\WINDOWS\system32\userinit.exe
    2012-01-17 21:00:48 . 2011-12-19 23:59:22 494968 ----a-w- C:\WINDOWS\system32\drivers\cmdGuard.sys
    2012-01-05 02:50:49 . 2012-01-05 02:50:49 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2012-01-04 03:56:17 . 2012-01-04 03:56:16 1700352 ----a-w- C:\WINDOWS\system32\gdiplus.dll
    2012-01-04 01:36:54 . 2012-01-04 01:36:54 21275 ----a-w- C:\WINDOWS\system32\drivers\AegisP.sys
    2011-12-19 23:59:24 . 2011-12-19 23:59:24 97760 ----a-w- C:\WINDOWS\system32\drivers\inspect.sys
    2011-12-19 23:59:22 . 2011-12-19 23:59:22 31704 ----a-w- C:\WINDOWS\system32\drivers\cmdhlp.sys
    2011-12-19 23:59:20 . 2011-12-19 23:59:20 18056 ----a-w- C:\WINDOWS\system32\drivers\cmderd.sys
    2011-12-19 23:58:58 . 2011-12-19 23:58:58 33984 ----a-w- C:\WINDOWS\system32\cmdcsr.dll
    2011-12-19 23:58:56 . 2011-12-19 23:58:56 301224 ----a-w- C:\WINDOWS\system32\guard32.dll
    2011-12-10 20:24:06 . 2012-01-12 01:41:47 20464 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2011-11-28 18:01:25 . 2012-01-06 02:34:59 41184 ----a-w- C:\WINDOWS\avastSS.scr
    2011-11-28 18:01:23 . 2012-01-06 02:34:58 199816 ----a-w- C:\WINDOWS\system32\aswBoot.exe
    2011-11-28 17:53:53 . 2012-01-06 02:35:18 435032 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
    2011-11-28 17:53:35 . 2012-01-06 02:35:22 314456 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
    2011-11-28 17:52:19 . 2012-01-06 02:35:19 34392 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
    2011-11-28 17:52:16 . 2012-01-06 02:35:19 52952 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
    2011-11-28 17:52:02 . 2012-01-06 02:35:18 111320 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
    2011-11-28 17:51:59 . 2012-01-06 02:35:18 105176 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
    2011-11-28 17:51:50 . 2012-01-06 02:35:22 20568 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2011-11-28 17:48:49 . 2012-01-06 02:35:18 30808 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
    2011-11-25 21:57:09 . 2006-01-18 11:04:08 293888 ----a-w- C:\WINDOWS\system32\winsrv.dll
    2011-11-23 14:40:17 . 2006-01-18 11:04:08 1859712 ----a-w- C:\WINDOWS\system32\win32k.sys
    2011-11-20 06:12:29 . 2006-01-18 11:03:58 61952 ----a-w- C:\WINDOWS\system32\packager.exe
    2011-11-16 14:22:22 . 2006-01-18 11:04:08 354816 ----a-w- C:\WINDOWS\system32\winhttp.dll
    2011-11-16 14:22:22 . 2006-01-18 11:04:00 152064 ----a-w- C:\WINDOWS\system32\schannel.dll


    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01:17 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08:00 65536]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-04 14:56:00 4617600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="launchapp" [X]
    "CFSServ.exe"="CFSServ.exe -NoClient" [X]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-28 23:21:02 61952]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 04:20:00 122940]
    "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24:50 118784]
    "Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-05 22:00:06 1589248]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-15 18:32:58 761945]
    "nwiz"="nwiz.exe" [2005-12-15 04:42:00 1519616]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 04:42:00 7331840]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 17:37:40 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 16:41:50 602182]
    "COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 05:41:44 6676808]
    "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-11-28 18:01:24 3744552]
    "Adobe ARM"="C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 13:10:42 843712]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:33:59 15360]

    C:\Documents and Settings\Toshiba\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

    C:\Documents and Settings\Toshiba\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

    C:\Documents and Settings\Toshiba\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-1-18 155648]

    C:\Documents and Settings\Toshiba\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 00:02:18 113024]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54:14 551296 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\WINDOWS\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO]
    2011-11-23 10:27:04 208184 ----a-w- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPA]
    2011-11-23 10:27:06 182584 ----a-w- C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [2012-01-04 22:13:45 17904]
    R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [2012-01-05 21:35:18 435032]
    R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [2012-01-05 21:35:22 314456]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\WINDOWS\system32\drivers\cmdGuard.sys [2011-12-19 18:59:22 494968]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\WINDOWS\system32\drivers\cmdhlp.sys [2011-12-19 18:59:22 31704]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2011-07-22 11:27:02 12880]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 16:55:22 67664]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore.exe [2011-08-11 18:38:07 116608]
    R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;C:\Program Files\Emsisoft Anti-Malware\a2service.exe [2012-01-04 22:13:43 3025112]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-01-05 21:35:22 20568]
    R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 05:27:04 1052472]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 07:12:10 2152152]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 13:16:28 130384]
    S3 a2acc;a2acc;C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys [2012-01-04 22:13:44 51632]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys [2011-12-23 07:12:10 15232]
    S3 NETwLx32; Pilote de carte de la série Intel(R) Wireless WiFi Link 5000 pour Windows XP 32 bits ;C:\WINDOWS\system32\drivers\NETwLx32.sys [2012-01-05 21:48:30 6609920]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 13:16:28 753504]

    Contenu du dossier 'Tâches planifiées'

    2012-02-11 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 12:12:10 . 2012-02-10 03:12:34]


    ------- Examen supplémentaire -------

    uStart Page = hxxp://www.google.ca/


    **************************************************************************
    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés:

    **************************************************************************

    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(856)
    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'lsass.exe'(912)
    C:\WINDOWS\system32\guard32.dll

    - - - - - - - > 'explorer.exe'(2328)
    C:\WINDOWS\system32\guard32.dll
    C:\WINDOWS\system32\webcheck.dll
    C:\WINDOWS\system32\WPDShServiceObj.dll
    C:\WINDOWS\system32\PortableDeviceTypes.dll
    C:\WINDOWS\system32\PortableDeviceApi.dll
    C:\WINDOWS\system32\eappprxy.dll
    C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
    C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

    - - - - - - - > 'csrss.exe'(824)
    C:\WINDOWS\system32\cmdcsr.dll

    ------------------------ Autres processus actifs ------------------------

    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\system32\wscntfy.exe

    **************************************************************************

    Heure de fin: 2012-02-11 16:12:46 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-02-11 21:12:41
    ComboFix2.txt 2012-02-11 19:25:12

    Avant-CF: 59 138 338 816 octets libres
    Après-CF: 59 112 894 464 octets libres

    - - End Of File - - 73EF1422C52A6AC7C40CA44A78851EA0
  24. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  25. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Computers seems ok. No longer have that weird message when connecting to internet, before that COMODO always told me I was using an unsecured connection even if I had WPA2 and seemed active. Now, no such message anymore. CPU seems better also.

    I will execute OTL later tonight and come back with the results.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.