Slow computer, high CPU, got and cleaned trojan, but...

Solved
By needhelp51
Feb 9, 2012
  1. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    GMER four:


    .text C:\WINDOWS\system32\nvsvc32.exe[908] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[908] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\csrss.exe[924] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\csrss.exe[924] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\csrss.exe[924] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[924] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000701F8
    .text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000703FC
    .text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\services.exe[1000] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1000] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\services.exe[1000] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\services.exe[1000] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\services.exe[1000] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\services.exe[1000] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\services.exe[1000] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1000] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1000] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1000] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\lsass.exe[1012] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\lsass.exe[1012] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\lsass.exe[1012] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\lsass.exe[1012] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\lsass.exe[1012] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\lsass.exe[1012] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1012] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1012] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1012] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1060] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1060] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1060] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1060] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 0099D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [08, 84]
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 009ABB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 009AB860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 009A7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0099D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009A4F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009A5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 009A3A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 009A4390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 009A8BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 009A8990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 009A9CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 009A9BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1352] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1352] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1352] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1352] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1352] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll
  2. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    GMER five:

    !ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1416] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1416] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1416] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1416] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1416] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1416] rpcss.dll!WhichService 76874234 8 Bytes JMP ED501001
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 00530250 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00549CD0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
    .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1484] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1484] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1484] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1484] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1484] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003B0804
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 3 Bytes JMP 003B0A08
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] USER32.dll!UnhookWindowsHookEx + 4 7E3AD5F7 1 Byte [82]
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003B0600
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1604] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003B03FC
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 00A2D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [11, 84]
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 00A3BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 00A3B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00A37DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 00A2D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A34F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A35AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 00A33A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 00A34390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003F1014
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003F0804
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003F0A08
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003F0C0C
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003F0E10
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003F01F8
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003F03FC
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003F0600
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 00A38BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 00A38990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00A39CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 00A39BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00500804
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00500A08
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00500600
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 005001F8
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1660] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 005003FC
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 1002AE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 1002AE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 1002A430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 1002A3E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 1002ADE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 1002A6F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 1002A480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ntdll.dll!LdrGetProcedureAddress 7C927CF0 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9]
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003E1014
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003E0804
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003E0A08
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003E0C0C
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003E0E10
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003E01F8
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003E03FC
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003E0600
    .text C:\Program Files\internet explorer\iexplore.exe[1692] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D85505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5DB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC4686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003F0600
    .text C:\Program Files\internet explorer\iexplore.exe[1692] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003F01F8
    .text C:\Program Files\internet explorer\iexplore.exe[1692] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003F03FC
    .text C:\Program Files\internet explorer\iexplore.exe[1692] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F553AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F552E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F5534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F551B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F55214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F55412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F55276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] SHELL32.dll!ShellExecuteExW 7CA198CB 5 Bytes JMP 1002A940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] SHELL32.dll!ShellExecuteEx 7CA50E45 5 Bytes JMP 1002A960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] SHELL32.dll!ShellExecuteA 7CA51170 5 Bytes JMP 1002A9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] SHELL32.dll!ShellExecuteW
  3. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    GMER six:

    7CAC5D48 5 Bytes JMP 1002A980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ole32.dll!CoCreateInstance 774BF1BC 5 Bytes JMP 40E5DB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] ole32.dll!OleLoadFromStream 774E983B 5 Bytes JMP 40F55717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] WININET.dll!InternetConnectA 404BDF3E 5 Bytes JMP 1002A920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[1692] WININET.dll!InternetConnectW 404BF8F2 5 Bytes JMP 1002A900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1784] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1784] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1784] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\svchost.exe[1784] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1784] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1784] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\svchost.exe[1784] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\svchost.exe[1784] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1784] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1784] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1784] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\svchost.exe[1784] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\svchost.exe[1784] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\svchost.exe[1784] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\svchost.exe[1784] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\svchost.exe[1784] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1784] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1784] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1784] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1864] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1864] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1864] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1864] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1864] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1864] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1864] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1864] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1864] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\fxssvc.exe[1980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\fxssvc.exe[1980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\fxssvc.exe[1980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\fxssvc.exe[1980] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\fxssvc.exe[1980] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\fxssvc.exe[1980] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\fxssvc.exe[1980] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\fxssvc.exe[1980] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\fxssvc.exe[1980] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\fxssvc.exe[1980] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\fxssvc.exe[1980] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\fxssvc.exe[1980] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\fxssvc.exe[1980] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\sua.exe[2036] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2328] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 0442D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [B1, 87] {MOV CL, 0x87}
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 0443BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 0443B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 04437DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0442D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 04434F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 04435AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 03EF0804
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 03EF0A08
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 03EF0600
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 03EF01F8
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 03EF03FC
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 04438BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 04438990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 04439CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 04439BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 04433A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 04434390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 03F01014
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 03F00804
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 03F00A08
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 03F00C0C
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 03F00E10
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 03F001F8
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 03F003FC
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2572] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 03F00600
    .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3120] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\alg.exe[3120] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\alg.exe[3120] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\alg.exe[3120] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\alg.exe[3120] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\alg.exe[3120] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3120] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3120] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3120] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00371014
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00370804
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00370A08
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00370C0C
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00370E10
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003701F8
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003703FC
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00370600
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
  4. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    GMER seven:


    .text C:\WINDOWS\system32\wbem\unsecapp.exe[3128] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 1002AE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 1002AE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 1002A430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 1002A3E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 1002ADE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 1002A6F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 1002A480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ntdll.dll!LdrGetProcedureAddress 7C927CF0 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9]
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003E1014
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003E0804
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003E0A08
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003E0C0C
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003E0E10
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003E01F8
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003E03FC
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003E0600
    .text C:\Program Files\internet explorer\iexplore.exe[3332] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D85505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5DB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC4686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003F0600
    .text C:\Program Files\internet explorer\iexplore.exe[3332] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003F01F8
    .text C:\Program Files\internet explorer\iexplore.exe[3332] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003F03FC
    .text C:\Program Files\internet explorer\iexplore.exe[3332] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F553AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F552E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F5534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F551B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F55214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F55412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F55276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] SHELL32.dll!ShellExecuteExW 7CA198CB 5 Bytes JMP 1002A940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] SHELL32.dll!ShellExecuteEx 7CA50E45 5 Bytes JMP 1002A960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] SHELL32.dll!ShellExecuteA 7CA51170 5 Bytes JMP 1002A9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 1002A980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ole32.dll!CoCreateInstance 774BF1BC 5 Bytes JMP 40E5DB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] ole32.dll!OleLoadFromStream 774E983B 5 Bytes JMP 40F55717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] WININET.dll!InternetConnectA 404BDF3E 5 Bytes JMP 1002A920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\internet explorer\iexplore.exe[3332] WININET.dll!InternetConnectW 404BF8F2 5 Bytes JMP 1002A900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 0098D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [07, 84]
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 0099BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 0099B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00997DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0098D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00994F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00995AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 00993A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 00994390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00451014
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00450804
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00450A08
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00450C0C
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00450E10
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 004501F8
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 004503FC
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00450600
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00460804
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00460A08
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00460600
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 004601F8
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 004603FC
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 00998BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 00998990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00999CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3404] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 00999BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3424] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 00A8D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [17, 84]
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 00A9BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 00A9B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00A97DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 00A8D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A94F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A95AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 00A93A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 00A94390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 00A98BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 00A98990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00A99CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[3448] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 00A99BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
  5. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    GMER eight:


    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3456] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 00A5D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [14, 84] {ADC AL, 0x84}
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 00A6BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 00A6B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00A67DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 00A5D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A64F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A65AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 00A63A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 00A64390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 00A68BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 00A68990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00A69CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 00A69BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003B0804
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 3 Bytes JMP 003B0A08
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] USER32.dll!UnhookWindowsHookEx + 4 7E3AD5F7 1 Byte [82]
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003B0600
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3552] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003B03FC
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 00B4D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [23, 84]
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 00B5BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 00B5B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00B57DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 00B4D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B54F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B55AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 00B53A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 00B54390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 00B58BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 00B58990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00B59CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 00B59BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003B0804
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 3 Bytes JMP 003B0A08
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] USER32.dll!UnhookWindowsHookEx + 4 7E3AD5F7 1 Byte [82]
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003B0600
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[3568] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003B03FC
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003B0804
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 3 Bytes JMP 003B0A08
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] USER32.dll!UnhookWindowsHookEx + 4 7E3AD5F7 1 Byte [82]
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003B0600
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3596] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003B03FC
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[3636] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[3636] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\System32\svchost.exe[3636] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[3636] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[3636] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[3636] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[3636] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[3636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[3636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[3636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[3636] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[3636] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[3636] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[3636] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[3636] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\svchost.exe[3636] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[3636] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[3636] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[3636] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[3644] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3660] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[3700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[3700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[3700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\ctfmon.exe[3700] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\ctfmon.exe[3700] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\ctfmon.exe[3700] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\ctfmon.exe[3700] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\ctfmon.exe[3700] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\ctfmon.exe[3700] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\ctfmon.exe[3700] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[3700] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[3700] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[3700] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ntdll.dll!NtReplyWaitReceivePort
  6. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    GMER nine (last):

    7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3840] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 1002AE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 1002AE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 1002A430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 1002A3E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 1002ADE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 1002A6F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 1002A480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ntdll.dll!LdrGetProcedureAddress 7C927CF0 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002ACC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002AA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9]
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] SHELL32.dll!ShellExecuteExW 7CA198CB 5 Bytes JMP 1002A940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] SHELL32.dll!ShellExecuteEx 7CA50E45 5 Bytes JMP 1002A960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] SHELL32.dll!ShellExecuteA 7CA51170 5 Bytes JMP 1002A9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3856] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 1002A980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[4572] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[4572] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\wscntfy.exe[4572] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[4572] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[4572] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[4572] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\WINDOWS\system32\wscntfy.exe[4572] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[4572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[4572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[4572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\wscntfy.exe[4572] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[4572] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[4572] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[4572] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[4572] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[4572] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Toshiba\Bureau\ztghdzpn.exe[4632] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F60D1750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F60D1820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F60D17F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F60D17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F60D17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F60D1820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F60D1750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F60D17F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F60D17F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F60D17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F60D1820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F60D1750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F60D17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F60D17F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F60D1750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F60D1820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F60D1750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F60D1820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F60D17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F60D17F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F60D17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F60D1820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F60D1750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F60D1750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F60D1820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F60D17F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F60D17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F60D17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F60D17F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F60D1750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F60D1820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\Program Files\internet explorer\iexplore.exe[492] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00C41ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\WINDOWS\system32\services.exe[1000] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
    IAT C:\WINDOWS\system32\services.exe[1000] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000
    IAT C:\Program Files\internet explorer\iexplore.exe[1692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00C41ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\internet explorer\iexplore.exe[3332] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00C41ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[3608] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Cdfs \Cdfs EDE7B400
    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----
  7. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  8. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Combofix worked well with technique #1:

    ComboFix 12-03-13.01 - Toshiba 2012-03-13 22:17:21.3.2 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.3070.2532 [GMT -4:00]
    Lancé depuis: c:\documents and settings\Toshiba\Bureau\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    * Un nouveau point de restauration a été créé
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-02-14 au 2012-03-14 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-03-10 18:16 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-10 18:16 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-10 18:16 . 2012-03-07 00:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-03-10 18:16 . 2012-03-07 00:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-10 18:16 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-10 18:16 . 2012-03-07 00:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-03-10 18:16 . 2012-03-07 00:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-03-10 18:16 . 2012-03-06 23:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-03-10 18:15 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-10 18:15 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-10 17:26 . 2012-03-10 17:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-03-10 15:07 . 2012-03-10 15:07 -------- d-----w- c:\documents and settings\Toshiba\Application Data\Intuit Canada(2)
    2012-03-10 15:06 . 2012-03-10 17:17 -------- d-----w- c:\program files\Fichiers communs\Intuit(2)
    2012-03-10 04:18 . 2008-04-14 02:33 116736 -c--a-w- c:\windows\system32\dllcache\OLDE46.tmp
    2012-03-10 04:18 . 2001-08-23 22:47 23040 -c--a-w- c:\windows\system32\dllcache\OLDE42.tmp
    2012-03-10 04:18 . 2008-04-14 02:33 18944 -c--a-w- c:\windows\system32\dllcache\OLDE3E.tmp
    2012-03-10 04:18 . 2001-08-23 22:47 27648 -c--a-w- c:\windows\system32\dllcache\OLDE3A.tmp
    2012-03-10 04:18 . 2001-08-23 22:47 4608 -c--a-w- c:\windows\system32\dllcache\OLDE36.tmp
    2012-03-10 04:18 . 2001-08-23 22:47 99865 -c--a-w- c:\windows\system32\dllcache\OLDE32.tmp
    2012-03-10 04:17 . 2001-08-18 01:11 16970 -c--a-w- c:\windows\system32\dllcache\OLDE2B.tmp
    2012-03-10 04:17 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\OLDE27.tmp
    2012-03-10 04:17 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\OLDE23.tmp
    2012-03-10 04:17 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\OLDE1F.tmp
    2012-03-10 04:17 . 2008-04-14 02:33 8192 -c--a-w- c:\windows\system32\dllcache\OLDE1B.tmp
    2012-03-10 04:17 . 2004-08-04 03:31 154624 -c--a-w- c:\windows\system32\dllcache\OLDE17.tmp
    2012-03-10 04:17 . 2001-08-23 22:05 35402 -c--a-w- c:\windows\system32\dllcache\OLDE13.tmp
    2012-03-10 04:17 . 2008-04-14 02:32 156672 -c--a-w- c:\windows\system32\dllcache\OLDE0F.tmp
    2012-03-10 04:17 . 2008-04-14 02:32 156672 -c--a-w- c:\windows\system32\dllcache\OLDE0C.tmp
    2012-03-10 04:17 . 2008-04-14 02:32 156672 -c--a-w- c:\windows\system32\dllcache\OLDE09.tmp
    2012-03-10 04:15 . 2001-08-18 01:13 19528 -c--a-w- c:\windows\system32\dllcache\OLDDBB.tmp
    2012-03-10 04:14 . 2001-08-18 02:28 7556 -c--a-w- c:\windows\system32\dllcache\OLDD86.tmp
    2012-03-10 04:13 . 2001-08-18 02:58 22912 -c--a-w- c:\windows\system32\dllcache\OLDD48.tmp
    2012-03-10 04:12 . 2001-08-18 01:12 34375 -c--a-w- c:\windows\system32\dllcache\OLDD11.tmp
    2012-03-10 04:11 . 2004-08-05 05:00 21896 -c--a-w- c:\windows\system32\dllcache\OLDCC7.tmp
    2012-03-10 04:10 . 2001-08-23 22:47 53760 -c--a-w- c:\windows\system32\dllcache\OLDC8D.tmp
    2012-03-10 04:09 . 2001-08-18 02:56 7552 -c--a-w- c:\windows\system32\dllcache\OLDC56.tmp
    2012-03-10 04:08 . 2008-04-13 18:36 16000 -c--a-w- c:\windows\system32\dllcache\OLDBEC.tmp
    2012-03-10 04:07 . 2004-08-05 05:00 18944 -c--a-w- c:\windows\system32\dllcache\OLDB7D.tmp
    2012-03-10 04:06 . 2001-08-23 22:20 16768 -c--a-w- c:\windows\system32\dllcache\OLDB46.tmp
    2012-03-10 04:05 . 2001-08-18 02:57 65664 -c--a-w- c:\windows\system32\dllcache\OLDB06.tmp
    2012-03-10 04:04 . 2001-08-18 02:51 19584 -c--a-w- c:\windows\system32\dllcache\OLDABC.tmp
    2012-03-10 04:03 . 2001-08-18 02:28 128286 -c--a-w- c:\windows\system32\dllcache\OLDA7C.tmp
    2012-03-10 04:02 . 2001-08-23 22:47 16896 -c--a-w- c:\windows\system32\dllcache\OLDA1B.tmp
    2012-03-10 04:01 . 2001-08-23 22:47 44544 -c--a-w- c:\windows\system32\dllcache\OLD9CB.tmp
    2012-03-10 04:00 . 2001-08-18 01:50 198144 -c--a-w- c:\windows\system32\dllcache\OLD993.tmp
    2012-03-10 04:00 . 2001-08-23 22:46 123776 -c--a-w- c:\windows\system32\dllcache\OLD98F.tmp
    2012-03-10 04:00 . 2011-10-26 10:50 2071424 -c--a-w- c:\windows\system32\dllcache\OLD98B.tmp
    2012-03-10 04:00 . 2001-08-18 01:49 51552 -c--a-w- c:\windows\system32\dllcache\OLD988.tmp
    2012-03-10 04:00 . 2001-08-23 22:47 38912 -c--a-w- c:\windows\system32\dllcache\OLD984.tmp
    2012-03-10 04:00 . 2001-08-23 22:11 9472 -c--a-w- c:\windows\system32\dllcache\OLD97F.tmp
    2012-03-10 04:00 . 2001-08-18 02:53 7552 -c--a-w- c:\windows\system32\dllcache\OLD97B.tmp
    2012-03-10 04:00 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\OLD975.tmp
    2012-03-10 04:00 . 2001-08-18 01:20 87040 -c--a-w- c:\windows\system32\dllcache\OLD971.tmp
    2012-03-10 04:00 . 2001-08-18 01:20 126080 -c--a-w- c:\windows\system32\dllcache\OLD96D.tmp
    2012-03-10 04:00 . 2001-08-18 01:12 32840 -c--a-w- c:\windows\system32\dllcache\OLD969.tmp
    2012-03-10 04:00 . 2004-08-04 05:47 132695 -c--a-w- c:\windows\system32\dllcache\OLD965.tmp
    2012-03-10 03:58 . 2001-08-23 22:09 76928 -c--a-w- c:\windows\system32\dllcache\OLD929.tmp
    2012-03-10 03:58 . 2001-08-23 22:47 7168 -c--a-w- c:\windows\system32\dllcache\OLD925.tmp
    2012-03-10 03:58 . 2001-08-18 02:49 19968 -c--a-w- c:\windows\system32\dllcache\OLD921.tmp
    2012-03-10 03:58 . 2001-08-23 22:47 19968 -c--a-w- c:\windows\system32\dllcache\OLD91D.tmp
    2012-03-10 03:58 . 2001-08-23 22:08 22144 -c--a-w- c:\windows\system32\dllcache\OLD919.tmp
    2012-03-10 03:58 . 2004-08-05 05:00 229439 -c--a-w- c:\windows\system32\dllcache\OLD915.tmp
    2012-03-10 03:58 . 2001-08-18 01:50 103296 -c--a-w- c:\windows\system32\dllcache\OLD912.tmp
    2012-03-10 03:58 . 2008-04-14 02:34 119808 -c--a-w- c:\windows\system32\dllcache\OLD90E.tmp
    2012-03-10 03:58 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\OLD90B.tmp
    2012-03-10 03:58 . 2008-04-13 18:46 49024 -c--a-w- c:\windows\system32\dllcache\OLD907.tmp
    2012-03-10 03:58 . 2001-08-18 02:48 12416 -c--a-w- c:\windows\system32\dllcache\OLD903.tmp
    2012-03-10 03:57 . 2001-08-18 03:00 2944 -c--a-w- c:\windows\system32\dllcache\OLD8FF.tmp
    2012-03-10 03:57 . 2008-04-14 02:34 40960 -c--a-w- c:\windows\system32\dllcache\OLD8FB.tmp
    2012-03-10 03:57 . 2008-04-13 18:54 22016 -c--a-w- c:\windows\system32\dllcache\OLD8F8.tmp
    2012-03-10 03:57 . 2004-08-05 05:00 1875968 -c--a-w- c:\windows\system32\dllcache\OLD8F4.tmp
    2012-03-10 03:57 . 2004-08-05 05:00 98304 -c--a-w- c:\windows\system32\dllcache\OLD8F1.tmp
    2012-03-10 03:57 . 2001-08-18 03:02 35200 -c--a-w- c:\windows\system32\dllcache\OLD8EE.tmp
    2012-03-10 03:57 . 2001-08-18 02:48 6016 -c--a-w- c:\windows\system32\dllcache\OLD8EA.tmp
    2012-03-10 03:57 . 2008-04-14 02:34 56832 -c--a-w- c:\windows\system32\dllcache\OLD8E6.tmp
    2012-03-10 03:57 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\OLD8E2.tmp
    2012-03-10 03:56 . 2001-08-18 02:52 17280 -c--a-w- c:\windows\system32\dllcache\OLD8DE.tmp
    2012-03-10 03:56 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\OLD8DA.tmp
    2012-03-10 03:56 . 2001-08-23 22:04 12288 -c--a-w- c:\windows\system32\dllcache\OLD8D6.tmp
    2012-03-10 03:56 . 2001-08-18 02:57 16128 -c--a-w- c:\windows\system32\dllcache\OLD8D2.tmp
    2012-03-10 03:56 . 2001-08-18 02:52 6528 -c--a-w- c:\windows\system32\dllcache\OLD8CE.tmp
    2012-03-10 03:56 . 2008-04-14 02:34 7680 -c--a-w- c:\windows\system32\dllcache\OLD8CA.tmp
    2012-03-10 03:56 . 2004-08-05 05:00 34816 -c--a-w- c:\windows\system32\dllcache\OLD8C7.tmp
    2012-03-10 03:56 . 2001-08-23 22:03 320384 -c--a-w- c:\windows\system32\dllcache\OLD8C4.tmp
    2012-03-10 03:56 . 2001-08-23 22:46 235648 -c--a-w- c:\windows\system32\dllcache\OLD8C0.tmp
    2012-03-10 03:54 . 2008-04-13 18:40 7040 -c--a-w- c:\windows\system32\dllcache\OLD882.tmp
    2012-03-10 03:53 . 2008-04-14 02:33 254464 -c--a-w- c:\windows\system32\dllcache\OLD82C.tmp
    2012-03-10 03:52 . 2001-08-18 02:49 26624 -c--a-w- c:\windows\system32\dllcache\OLD796.tmp
    2012-03-10 03:51 . 2008-04-14 02:31 716856 -c--a-w- c:\windows\system32\dllcache\OLD732.tmp
    2012-03-10 03:50 . 2001-08-18 01:12 109085 -c--a-w- c:\windows\system32\dllcache\OLD6E6.tmp
    2012-03-10 03:50 . 2001-08-18 01:12 100936 -c--a-w- c:\windows\system32\dllcache\OLD6E2.tmp
    2012-03-10 03:50 . 2001-08-23 22:45 10240 -c--a-w- c:\windows\system32\dllcache\OLD6DE.tmp
    2012-03-10 03:50 . 2001-08-18 01:11 28700 -c--a-w- c:\windows\system32\dllcache\OLD6DA.tmp
    2012-03-10 03:50 . 2004-08-04 03:29 161020 -c--a-w- c:\windows\system32\dllcache\OLD6D6.tmp
    2012-03-10 03:50 . 2008-04-14 02:33 702845 -c--a-w- c:\windows\system32\dllcache\OLD6D2.tmp
    2012-03-10 03:50 . 2001-08-18 01:49 58592 -c--a-w- c:\windows\system32\dllcache\OLD6CE.tmp
    2012-03-10 03:50 . 2001-08-23 22:46 353184 -c--a-w- c:\windows\system32\dllcache\OLD6CA.tmp
    2012-03-10 03:50 . 2008-04-13 18:41 18560 -c--a-w- c:\windows\system32\dllcache\OLD6C6.tmp
    2012-03-10 03:50 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\OLD6C2.tmp
    2012-03-10 03:50 . 2004-08-05 05:00 10129408 -c--a-w- c:\windows\system32\dllcache\OLD6BE.tmp
    2012-03-10 03:49 . 2008-04-14 02:31 13463552 -c--a-w- c:\windows\system32\dllcache\OLD6BB.tmp
    2012-03-10 03:49 . 2004-08-05 05:00 10096640 -c--a-w- c:\windows\system32\dllcache\OLD6B8.tmp
    2012-03-10 03:49 . 2001-08-18 02:28 488383 -c--a-w- c:\windows\system32\dllcache\OLD6B5.tmp
    2012-03-10 03:49 . 2001-08-18 02:28 50751 -c--a-w- c:\windows\system32\dllcache\OLD6B1.tmp
    2012-03-10 03:49 . 2001-08-18 02:28 73279 -c--a-w- c:\windows\system32\dllcache\OLD6AC.tmp
    2012-03-10 03:49 . 2001-08-18 02:28 44863 -c--a-w- c:\windows\system32\dllcache\OLD6A8.tmp
    2012-03-10 03:49 . 2001-08-18 02:28 57471 -c--a-w- c:\windows\system32\dllcache\OLD6A4.tmp
    2012-03-10 03:49 . 2001-08-18 02:28 542879 -c--a-w- c:\windows\system32\dllcache\OLD6A0.tmp
    2012-03-10 03:49 . 2001-08-18 02:28 391199 -c--a-w- c:\windows\system32\dllcache\OLD69C.tmp
    2012-03-10 03:49 . 2001-08-23 22:47 9759 -c--a-w- c:\windows\system32\dllcache\OLD698.tmp
    2012-03-10 03:47 . 2001-08-23 22:47 119296 -c--a-w- c:\windows\system32\dllcache\OLD63F.tmp
    2012-03-10 03:46 . 2004-08-05 05:00 6144 -c--a-w- c:\windows\system32\dllcache\OLD5EA.tmp
    2012-03-10 03:45 . 2004-08-04 03:32 137088 -c--a-w- c:\windows\system32\dllcache\OLD574.tmp
    2012-03-10 03:44 . 2001-08-18 01:11 69194 -c--a-w- c:\windows\system32\dllcache\OLD4FE.tmp
    2012-03-10 03:43 . 2001-08-23 22:47 6216 -c--a-w- c:\windows\system32\dllcache\OLD49F.tmp
    2012-03-10 03:42 . 2001-08-23 22:08 117760 -c--a-w- c:\windows\system32\dllcache\OLD414.tmp
    2012-03-10 03:41 . 2004-08-04 03:31 480256 -c--a-w- c:\windows\system32\dllcache\OLD37E.tmp
    2012-03-10 03:40 . 2001-08-18 01:11 31529 -c--a-w- c:\windows\system32\dllcache\OLD235.tmp
    2012-03-10 03:39 . 2001-08-23 21:59 289920 -c--a-w- c:\windows\system32\dllcache\OLD167.tmp
    2012-03-10 03:38 . 2003-04-15 01:29 16384 -c--a-w- c:\windows\system32\dllcache\OLD92.tmp
    2012-03-10 03:37 . 2011-10-26 10:50 2194816 -c--a-w- c:\windows\system32\dllcache\OLD56.tmp
    2012-03-08 02:36 . 2012-03-10 14:54 -------- d-----w- c:\windows\system32\FxsTmp
    2012-03-08 02:36 . 2004-08-05 05:00 31744 -c--a-w- c:\windows\system32\dllcache\fxsroute.dll
    2012-03-08 02:36 . 2004-08-05 05:00 31744 ----a-w- c:\windows\system32\fxsroute.dll
    2012-03-08 02:36 . 2004-08-05 05:00 141312 -c--a-w- c:\windows\system32\dllcache\fxsclntr.dll
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-10 21:28 . 2012-01-05 02:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-10 00:47 . 2012-02-10 00:47 388096 ----a-r- c:\documents and settings\Toshiba\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-08 23:45 . 2006-01-18 11:04 26624 ----a-w- c:\windows\system32\userinit.exe
    2012-02-03 09:58 . 2006-01-18 11:04 1860224 ----a-w- c:\windows\system32\win32k.sys
    2012-01-17 21:00 . 2011-12-19 23:59 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2012-01-14 15:57 . 2012-01-14 15:57 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2012-01-09 16:20 . 2006-01-18 10:28 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-01-04 03:56 . 2012-01-04 03:56 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2011-12-19 23:59 . 2011-12-19 23:59 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-12-19 23:59 . 2011-12-19 23:59 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-12-19 23:59 . 2011-12-19 23:59 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-12-19 23:58 . 2011-12-19 23:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-12-19 23:58 . 2011-12-19 23:58 301224 ----a-w- c:\windows\system32\guard32.dll
    2011-12-17 19:43 . 2006-01-18 11:04 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:43 . 2006-01-18 11:03 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:43 . 2006-01-18 11:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22 . 2006-01-18 11:03 385024 ------w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-11 3905920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="launchapp" [X]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-28 61952]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
    "SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
    "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-05 1589248]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-15 761945]
    "nwiz"="nwiz.exe" [2005-12-15 1519616]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7331840]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2011-10-24 1407248]
    "IntelWireless"="c:\program files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" [2011-10-24 1210640]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Toshiba\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\Toshiba\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\Toshiba\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-1-18 155648]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    c:\documents and settings\Toshiba\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO]
    2011-11-23 10:27 208184 ----a-w- c:\program files\Comodo\COMODO GeekBuddy\CLPSLA.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPA]
    2011-11-23 10:27 182584 ----a-w- c:\program files\Comodo\COMODO GeekBuddy\VALA.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\lxdxcoms.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
    .
    R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2012-01-04 17904]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-03-10 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-03-10 337880]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-12-19 494968]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 31704]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2011-07-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [2011-08-11 116608]
    R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-01-04 3025112]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-03-10 20696]
    R2 CLPSLS;COMODO livePCsupport Service;c:\program files\Comodo\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
    R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [2011-10-14 994360]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-10-14 399416]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-09-01 15544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [2012-01-04 51632]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 NETwLx32; Pilote de carte de la série Intel(R) Wireless WiFi Link 5000 pour Windows XP 32 bits ;c:\windows\system32\drivers\NETwLx32.sys [2012-01-05 6609920]
    S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    .
    Contenu du dossier 'Tâches planifiées'
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.ca/
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-13 22:25
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(960)
    c:\windows\system32\guard32.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\netprovcredman.dll
    .
    - - - - - - - > 'lsass.exe'(1016)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'explorer.exe'(3584)
    c:\windows\system32\guard32.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\netprovcredman.dll
    .
    - - - - - - - > 'csrss.exe'(928)
    c:\windows\system32\cmdcsr.dll
    .
    Heure de fin: 2012-03-13 22:34:07
    ComboFix-quarantined-files.txt 2012-03-14 02:33
    .
    Avant-CF: 49 085 095 936 octets libres
    Après-CF: 49 083 482 112 octets libres
    .
    - - End Of File - - 37C48890DE9B9E3FF0BC1A14D85B9C84
  9. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    I don't see anything malicious.

    What are the current issues?
  10. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Aswmbr showed:

    22:57:41.968 File: C:\Connect\fscommand\AOL\comps\rp\rp9codec.exe **INFECTED** Win32:Hrupka-D [Cryp]
  11. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Upload following files to http://www.virustotal.com/ for security check:
    - C:\Connect\fscommand\AOL\comps\rp\rp9codec.exe
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
  12. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    This file is safe?

    SHA256: 70a9793d2584dca3fc0f86555a0865a0ed42c94654ef56ef32bfc7ab9bc04fdb
    SHA1: 2d7a3778b0470bef457320c688c92a8958646725
    MD5: 97b51ffdc795ab2a268d40c66ee858b8
    File size: 352.0 KB ( 360448 bytes )
    File name: rp9codec.exe
    File type: Win32 EXE
    Detection ratio: 0 / 43
    Analysis date: 2012-03-14 03:08:50 UTC ( 0 minute ago )

    00
    Antivirus Result Update
    AhnLab-V3 - 20120313
    AntiVir - 20120313
    Antiy-AVL - 20120313
    Avast - 20120314
    AVG - 20120314
    BitDefender - 20120314
    ByteHero - 20120309
    CAT-QuickHeal - 20120313
    ClamAV - 20120314
    Commtouch - 20120313
    Comodo - 20120313
    DrWeb - 20120314
    Emsisoft - 20120314
    eSafe - 20120313
    eTrust-Vet - 20120313
    F-Prot - 20120313
    F-Secure - 20120314
    Fortinet - 20120313
    GData - 20120314
    Ikarus - 20120314
    Jiangmin - 20120301
    K7AntiVirus - 20120313
    Kaspersky - 20120314
    McAfee - 20120309
    McAfee-GW-Edition - 20120313
    Microsoft - 20120313
    NOD32 - 20120314
    Norman - 20120314
    nProtect - 20120313
    Panda - 20120313
    PCTools - 20120313
    Prevx - 20120314
    Rising - 20120313
    Sophos - 20120314
    SUPERAntiSpyware - 20120314
    Symantec - 20120314
    TheHacker - 20120313
    TrendMicro - 20120313
    TrendMicro-HouseCall - 20120314
    VBA32 - 20120313
    VIPRE - 20120313
    ViRobot - 20120313
    VirusBuster - 20120314

    Comments
    Additional information
    No comments

    Appears to be a legitimate file on the restore partition of a Gateway-branded Windows NT v5.1/'XP' SP2 system.
    #goodware
    Posted 1 an, 5 mois ago by Progman
  13. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    False alarm.
  14. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Last time, that hrupka was there, but was gone after our work when I rescanned with ASWmbr. So, my mistake. Can I delete that whole fscommand directory though, I guess this came with the Toshiba factory setup, it contains some AOL files and Netscape, but I don't use AOL or netscape altogether?
  15. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Yes you can.
  16. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Good. Thanks I will get rid of those files.

    :)
  17. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Sure thing :)
  18. needhelp51

    needhelp51 TechSpot Enthusiast Topic Starter Posts: 218

    Another weird thing I had observed,picture files showing album cover by unknown artist have appeared in one of my work directory.There is an INI file as well that appeared which contains:

    [.ShellClassInfo]
    FolderType=MusicAlbum
    MusicBuyUrl=http://redir.metaservices.microsoft.com/redir/buynow/?providerName=AMG&albumID=059754E9-625C-4473-B19D-8CDA1DAF2FDD&a_id=R%20%20%20265884&album=Lactose%20Adept&artistID=6C6FFEAA-83E4-4634-9181-B07CEEED9EE7&p_id=P%20%20%20204631&artist=Rob%20Crow&locale=40c&geoid=27&version=11.0.5721.5280&userlocale=c0c

    A concern?

    After that, I'll be able to sleep well, hehe.
  19. Broni

    Broni Malware Annihilator Posts: 46,179   +251



Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.