Inactive Google redirects general annoyances

Status
Not open for further replies.
D

Demianwulf

Posts: 74   +0
Ran Malwarebytes and followed the sticky as much as possible.
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7321

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/29/2011 6:41:52 PM
mbam-log-2011-07-29 (18-41-52).txt

Scan type: Quick scan
Objects scanned: 205377
Time elapsed: 26 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\laura\application data\Sun\mnj.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\laura\application data\Sun\mxd1.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\laura\application data\Sun\uuoo.dat (Malware.Trace) -> Quarantined and deleted successfully.
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.4.2 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Web Premium
Adobe CS4 American English Speech Analysis Models
Adobe CS4 French Speech Analysis Models
Adobe CS4 German Speech Analysis Models
Adobe CS4 International English Speech Analysis Models
Adobe CS4 Italian Speech Analysis Models
Adobe CS4 Japanese Speech Analysis Models
Adobe CS4 Korean Speech Analysis Models
Adobe CS4 Spanish Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.0)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Audio FX Engine
Advanced Video FX Engine
AiO_Scan
aioprnt
aioscnnr
AiOSoftware
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bejeweled 2 Deluxe
Bonjour
BufferChm
C4USelfUpdater
CCleaner
center
COMODO Internet Security
Connect
CuteFTP 8 Home
CuteFTP 8 Lite
Dell Driver Download Manager
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Destinations
Director
Disney Toontown Online
essentials
Fax
Fax Machine 4.33
Fingerprint Reader Suite 5.6
Google Talk (remove only)
Google Talk Plugin
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Image Zone Express
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HPSystemDiagnostics
iTunes
Java(TM) 6 Update 17
Kodak AIO Printer
KODAK AiO Software
kuler
Laptop Integrated Webcam Driver (1.02.01.0612)
Lexmark 3600-4600 Series
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft IntelliPoint 7.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.18)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
NetAssistant
NetAssistant for Firefox
Nitro PDF Professional
nLite 1.4.9.1
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
ocr
Octoshape add-in for Adobe Flash Player
Opera 10.00
PDF Settings CS4
Peggle Deluxe
Photoshop Camera Raw
Pixel Bender Toolkit
Plants vs. Zombies
PreReq
QFolder
QuickTime
Readme
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Sonic CinePlayer DVD Pack
Spybot - Search & Destroy
Suite Shared Configuration CS4
TextPad 5
TouchChip USB Driver 2.6
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebEx
WebFldrs XP
WebReg
WIDCOMM Bluetooth Software
Windows Driver Package - Intel (NETw4x32) net (03/13/2008 11.5.1.15)
Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)
Windows Driver Package - Intel net (03/13/2008 11.5.1.15)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinZip 15.0
Yontoo Layers Runtime 1.10.01
.
==== End Of File ===========================
 
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Run by laura at 11:05:37 on 2011-07-31
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\documents and settings\laura\start menu\programs\startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Audible Download Manager.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Bluetooth.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\McAfee Security Scan Plus.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Sonic CinePlayer Quick Launch.lnk.disabled
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254868765046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{721778C6-9B3B-4921-8BDE-AB0BAF4322D4} : DhcpNameServer = 68.87.73.246 68.87.71.230
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli psqlpwd
mASetup: {3081C8F7-5710-4508-B8E1-BA5BB59FEC43} - rundll32.exe "c:\documents and settings\laura\application data\sun\gurfoat.dll", UnregisterDll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\laura\application data\mozilla\firefox\profiles\ouswtyky.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\laura\application data\mozilla\firefox\profiles\ouswtyky.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: c:\documents and settings\laura\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\laura\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\laura\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\laura\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {87BC5F78-DB0A-473F-A1E2-9EB80EDA44C2} - c:\documents and settings\laura\local settings\application data\{87BC5F78-DB0A-473F-A1E2-9EB80EDA44C2}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - c:\documents and settings\laura\application data\NetAssistant
.
---- FIREFOX POLICIES ----
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-07-30 10:55:08 4098 ----a-w- c:\windows\system32\tmp.reg
2011-07-30 10:39:03 -------- d-----w- C:\TDSSKiller_Quarantine
2011-07-30 00:20:17 -------- d-----w- c:\program files\COMODO
2011-07-30 00:19:15 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2011-07-30 00:18:31 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
2011-07-30 00:16:51 -------- d-----w- c:\program files\CCleaner
2011-07-29 22:44:01 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-29 22:43:44 40112 ----a-w- c:\windows\avastSS.scr
2011-07-29 22:43:22 -------- d-----w- c:\program files\AVAST Software
2011-07-29 22:43:22 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-07-29 22:21:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-29 22:21:07 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-07-24 21:24:10 -------- d-----w- c:\documents and settings\laura\application data\NetAssistant
2011-07-24 21:23:06 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-07-24 21:23:06 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-07-24 21:22:58 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-07-24 16:46:18 -------- d-----w- C:\windowsinstall
2011-07-24 16:15:08 -------- d-----w- c:\program files\nLite
2011-07-24 16:13:39 2665796 ----a-w- c:\program files\nLite-1.4.9.1.installer.exe
2011-07-21 18:49:04 -------- d-sh--r- C:\cmdcons
2011-07-21 18:49:02 -------- d-----w- c:\windows\setup.pss
2011-07-19 22:52:36 -------- d-----w- c:\documents and settings\laura\local settings\application data\{87BC5F78-DB0A-473F-A1E2-9EB80EDA44C2}
.
==================== Find3M ====================
.
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 13:38:14 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 13:38:14 242600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 13:38:12 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 13:37:26 285256 ----a-w- c:\windows\system32\guard32.dll
2011-06-22 00:57:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-06 12:42:39 8588616 ----a-w- c:\program files\Firefox Setup 3.6.15.exe
2011-03-06 05:31:17 6370816 ----a-w- c:\program files\iREB-r4.exe
.
============= FINISH: 11:08:51.73 ===============
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================================

GMER log is missing.
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-31 16:22:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0
Running: 00t5o5l5.exe; Driver: C:\DOCUME~1\laura\LOCALS~1\Temp\fwlyqkob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xACE4C202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xACEB2D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xACE706C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xACE4E7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xACE4E848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xACE4E95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xACE70075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xACE4E746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xACE4E898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xACE4E79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xACE4E90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xACE4C226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xACE70D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xACE7103D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xACE4EBE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xACE70BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xACE70A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xACEB2E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xACE4BFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xACE4C24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xACE4ED56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xACE4CCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xACE4E820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xACE4E870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xACE4E988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xACE703D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xACE4E772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xACE4EA1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xACE4E8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xACE4E7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xACE4EAFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xACE4E936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xACEB2ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xACE708D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xACE4CBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xACE7072A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xACEBB10E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xACE6F6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xACE4C26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xACE4C292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xACE4C04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xACE4C186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xACE70E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xACE4C162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xACE4C1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xACE4C2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xACEC8398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 4 Bytes JMP D656F201
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 8 Bytes [98, E8, E4, AC, 9A, E7, E4, ...] {CWDE ; CALL 0xffffffffe79aacea; IN AL, 0xac}
.text ntkrnlpa.exe!ZwCallbackReturn + 2CBC 80504558 4 Bytes [0C, E9, E4, AC] {OR AL, 0xe9; IN AL, 0xac}
.text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 8 Bytes [20, E8, E4, AC, 70, E8, E4, ...] {AND AL, CH; IN AL, 0xac; JO 0xffffffffffffffee; IN AL, 0xac}
.text ntkrnlpa.exe!ZwCallbackReturn + 2DB8 80504654 4 Bytes JMP D7DCF33D
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL ACE4D335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP ACEC3D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP ACEC57F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP ACEC839C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5096380, 0x5414D5, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP ACE4FCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP ACE4FBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP ACE4EF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP ACE4FE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP ACE50014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP ACE4FB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP ACE4EE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP ACE4F180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP ACE4F326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP ACE4EE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP ACE4FBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP ACE4F2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP ACE4FD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP ACE4FF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP ACE4EFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP ACE4F03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP ACE4F0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP ACE4F0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP ACE4ED8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP ACE4EEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP ACE4F008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP ACE4F440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP ACE4FECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\laura\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[256] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\Explorer.EXE[396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\Explorer.EXE[396] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[396] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[396] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\NLSSRV32.EXE[604] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[664] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
 
.text C:\WINDOWS\system32\HPZipm12.exe[664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\HPZipm12.exe[664] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[664] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\HPZipm12.exe[664] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\HPZipm12.exe[664] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\HPZipm12.exe[664] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\HPZipm12.exe[664] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\HPZipm12.exe[664] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\HPZipm12.exe[664] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\HPZipm12.exe[664] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[696] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\rundll32.exe[696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\rundll32.exe[696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\rundll32.exe[696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\rundll32.exe[696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\rundll32.exe[696] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\rundll32.exe[696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\rundll32.exe[696] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[696] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\smss.exe[948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0096CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00975680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0096CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009726F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00973280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0097DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00971220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00971B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0097E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[976] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 0097E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[984] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DellTPad\Apoint.exe[984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DellTPad\Apoint.exe[984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\DellTPad\Apoint.exe[984] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\DellTPad\Apoint.exe[984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\DellTPad\Apoint.exe[984] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\DellTPad\Apoint.exe[984] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\DellTPad\Apoint.exe[984] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\DellTPad\Apoint.exe[984] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\csrss.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[992] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[1020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[1020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[1020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[1020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[1020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[1020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\spoolsv.exe[1044] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[1044] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[1044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[1044] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[1044] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[1044] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\spoolsv.exe[1044] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1044] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1044] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1068] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[1068] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[1068] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[1068] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[1068] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[1068] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1080] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[1080] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[1080] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[1080] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[1080] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[1080] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1080] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1080] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1232] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[1232] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\nvsvc32.exe[1232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\WINDOWS\system32\nvsvc32.exe[1232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\WINDOWS\system32\nvsvc32.exe[1232] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\nvsvc32.exe[1232] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\WINDOWS\system32\nvsvc32.exe[1232] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\nvsvc32.exe[1232] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
 
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1336] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1336] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005190B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00531040 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1376] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe[1432] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1456] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1456] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\laura\My Documents\Downloads\00t5o5l5.exe[1548] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1596] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1596] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\AbtSvcHost_.exe[1608] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1740] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1740] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A6CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A75680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A6CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A726F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A73280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00A71220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00A71B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00A7DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00A7E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1784] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 00A7E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
 
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1904] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[1912] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2036] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2056] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2436] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2436] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2436] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2436] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2436] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2668] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2668] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2668] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DellTPad\HidFind.exe[2668] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2668] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DellTPad\HidFind.exe[2668] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\DellTPad\HidFind.exe[2668] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\DellTPad\HidFind.exe[2668] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\DellTPad\HidFind.exe[2668] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\DellTPad\HidFind.exe[2668] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\DellTPad\HidFind.exe[2668] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\DellTPad\HidFind.exe[2668] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\DellTPad\HidFind.exe[2668] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2668] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0074CB10 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\DellTPad\Apntex.exe[2728] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DellTPad\Apntex.exe[2728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DellTPad\Apntex.exe[2728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\DellTPad\Apntex.exe[2728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\DellTPad\Apntex.exe[2728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\DellTPad\Apntex.exe[2728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\DellTPad\Apntex.exe[2728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\DellTPad\Apntex.exe[2728] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\DellTPad\Apntex.exe[2728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\ctfmon.exe[2784] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[2784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[2784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[2784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[2784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[2784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[2784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\ctfmon.exe[2784] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2784] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2784] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3020] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[3020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[3020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[3020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[3020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[3020] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[3020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\alg.exe[3020] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3020] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3132] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3160] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3324] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[3368] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[3484] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00E47E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00E3CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E47E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E47ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00E47EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00E47E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00E474E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00E47E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00E47DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E47490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00E47DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00E47DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E47E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00E477A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00E47530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E45680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00E3CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00E47D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E47CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E47A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00E47D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E47D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E47AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E426F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E43280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E47D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E47AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00E47B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00E47AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E47CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00E47B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00E47BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00E47CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00E47C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00E47C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00E47C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00E47B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00E47B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00E47BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00E47C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00E47B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00E47BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00E47C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 00E47A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!WinExec + 3 7C862510 2 Bytes [5E, 84]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00E47D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00E41220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00E41B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006B1014
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006B0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006B0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006B0C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006B0E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006B01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006B03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006B0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00E47970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 00E47990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 037D155A C:\Documents and Settings\laura\Application Data\Sun\gurfoat.dll (Google search plugin/Google Inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006C0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 006C0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 037D13A4 C:\Documents and Settings\laura\Application Data\Sun\gurfoat.dll (Google search plugin/Google Inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006C0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006C01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006C03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00E4DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 00E479F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 00E47A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 00E47A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 00E47A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00E4E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 00E4E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] wininet.dll!InternetConnectA 3D94B0B2 5 Bytes JMP 00E479D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] wininet.dll!InternetConnectW 3D94C2A0 5 Bytes JMP 00E479B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[3604] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00D5CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D65680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00D5CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D626F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D63280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00D61220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00D61B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 005D1014
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 005D0804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 005D0A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 005D0C0C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 005D0E10
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005D01F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005D03FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 005D0600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 005E0804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 005E0A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 005E0600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005E01F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005E03FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00D6DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104089D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00D6E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 00D6E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\lxdxcoms.exe[3808] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0xEE 0x00 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8A 0xF6 0xCB 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0xE8 0x17 0x65 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0xEE 0x00 0xDE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8A 0xF6 0xCB 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0xE8 0x17 0x65 ...

---- EOF - GMER 1.0.15 ----
 
hope i posted all that correctly seems bigger than i remember...apologies if it is incorrect. I'll rerun if necessary.
 
You did fine :)

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-01 07:00:52
-----------------------------
07:00:52.390 OS Version: Windows 5.1.2600 Service Pack 3
07:00:52.390 Number of processors: 2 586 0x1706
07:00:52.390 ComputerName: LAURAS-LAPTOP UserName: laura
07:00:55.375 Initialize success
07:00:56.531 AVAST engine defs: 11073100
07:01:05.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
07:01:05.156 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
07:01:05.265 Disk 0 MBR read successfully
07:01:05.265 Disk 0 MBR scan
07:01:05.281 Disk 0 Windows XP default MBR code
07:01:05.312 Disk 0 scanning sectors +625121280
07:01:05.531 Disk 0 scanning C:\WINDOWS\system32\drivers
07:01:51.968 Service scanning
07:01:53.843 Modules scanning
07:02:09.109 Disk 0 trace - called modules:
07:02:09.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
07:02:09.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0dfab8]
07:02:09.125 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8b073030]
07:02:10.640 AVAST engine scan C:\WINDOWS
07:02:29.234 AVAST engine scan C:\WINDOWS\system32
07:04:57.937 AVAST engine scan C:\WINDOWS\system32\drivers
07:05:17.359 AVAST engine scan C:\Documents and Settings\laura
07:19:01.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\laura\Desktop\MBR.dat"
07:19:01.312 The log file has been saved successfully to "C:\Documents and Settings\laura\Desktop\aswMBR.txt"


aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-01 07:24:11
-----------------------------
07:24:11.296 OS Version: Windows 5.1.2600 Service Pack 3
07:24:11.296 Number of processors: 2 586 0x1706
07:24:11.296 ComputerName: LAURAS-LAPTOP UserName: laura
07:24:14.031 Initialize success
07:24:14.515 AVAST engine defs: 11073100
07:24:19.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
07:24:19.328 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
07:24:19.343 Disk 0 MBR read successfully
07:24:19.359 Disk 0 MBR scan
07:24:19.359 Disk 0 Windows XP default MBR code
07:24:19.375 Disk 0 scanning sectors +625121280
07:24:19.500 Disk 0 scanning C:\WINDOWS\system32\drivers
07:24:42.578 Service scanning
07:24:46.046 Modules scanning
07:24:54.734 Disk 0 trace - called modules:
07:24:54.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
07:24:54.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0d3ab8]
07:24:54.750 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8aa9b030]
07:24:56.453 AVAST engine scan C:\WINDOWS
07:25:02.765 AVAST engine scan C:\WINDOWS\system32
07:26:39.609 AVAST engine scan C:\WINDOWS\system32\drivers
07:26:53.859 AVAST engine scan C:\Documents and Settings\laura
08:01:27.156 AVAST engine scan C:\Documents and Settings\All Users
08:03:46.250 Scan finished successfully
08:13:47.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\laura\Desktop\MBR.dat"
08:13:47.718 The log file has been saved successfully to "C:\Documents and Settings\laura\Desktop\aswMBR.txt"
 
ComboFix 11-07-31.04 - laura 08/01/2011 8:34.1.2 - x86
Running from: c:\documents and settings\laura\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\All Users\SPL14CF.tmp
c:\documents and settings\All Users\SPL17A.tmp
c:\documents and settings\All Users\SPL17D.tmp
c:\documents and settings\All Users\SPL1C1.tmp
c:\documents and settings\All Users\SPL1D2.tmp
c:\documents and settings\All Users\SPL367.tmp
c:\documents and settings\All Users\SPL3EA.tmp
c:\documents and settings\All Users\SPL50B.tmp
c:\documents and settings\All Users\SPL84E.tmp
c:\documents and settings\laura\Application Data\Adobe\plugs
c:\documents and settings\laura\Application Data\Adobe\shed
c:\documents and settings\laura\Application Data\Sun\gurfoat.dll
c:\documents and settings\laura\Application Data\Sun\mnj.dat
c:\documents and settings\laura\Application Data\Sun\mxd1.txt
c:\documents and settings\laura\Application Data\Sun\uuoo.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
-------\Service_SPService
-------\Service_USBAAPL
.
.
((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))
.
.
2011-07-30 10:39 . 2011-07-30 10:39 -------- d-----w- C:\TDSSKiller_Quarantine
2011-07-30 00:20 . 2011-07-30 00:20 -------- d-----w- c:\program files\COMODO
2011-07-30 00:19 . 2011-07-30 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-07-30 00:18 . 2011-07-30 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2011-07-30 00:16 . 2011-07-30 00:16 -------- d-----w- c:\program files\CCleaner
2011-07-29 22:44 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-29 22:44 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-29 22:44 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-29 22:44 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-29 22:44 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-29 22:44 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-29 22:44 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-29 22:44 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-29 22:43 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-29 22:43 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-29 22:43 . 2011-07-29 22:43 -------- d-----w- c:\program files\AVAST Software
2011-07-29 22:43 . 2011-07-29 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-07-29 22:21 . 2011-07-30 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-29 22:21 . 2011-07-29 22:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-29 17:48 . 2011-07-29 17:48 -------- d-----w- c:\documents and settings\Administrator
2011-07-24 21:24 . 2011-07-24 21:24 -------- d-----w- c:\documents and settings\laura\Application Data\NetAssistant
2011-07-24 21:23 . 2011-07-24 21:23 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-07-24 21:23 . 2011-07-24 21:23 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-07-24 16:46 . 2011-07-24 16:53 -------- d-----w- C:\windowsinstall
2011-07-24 16:15 . 2011-07-24 17:00 -------- d-----w- c:\program files\nLite
2011-07-24 16:13 . 2011-07-24 16:13 2665796 ----a-w- c:\program files\nLite-1.4.9.1.installer.exe
2011-07-19 22:52 . 2011-07-19 22:52 -------- d-----w- c:\documents and settings\laura\Local Settings\Application Data\{87BC5F78-DB0A-473F-A1E2-9EB80EDA44C2}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2010-07-24 20:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-07-24 20:50 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 13:38 . 2011-06-30 13:38 97504 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-06-30 13:38 . 2011-06-30 13:38 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 13:38 . 2011-06-30 13:38 242600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 13:38 . 2011-06-30 13:38 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 13:37 . 2011-06-30 13:37 285256 ----a-w- c:\windows\system32\guard32.dll
2011-06-22 00:57 . 2011-06-22 00:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-03-06 12:42 . 2011-03-06 12:42 8588616 ----a-w- c:\program files\Firefox Setup 3.6.15.exe
2011-03-06 05:31 . 2011-03-06 05:31 6370816 ----a-w- c:\program files\iREB-r4.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-06-30 21:49 194848 ------w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 20:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 20:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-08-02 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-03-03 2510848]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
.
c:\documents and settings\laura\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2009-10-17 947]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk.disabled [2011-6-15 1762]
Bluetooth.lnk.disabled [2011-3-5 637]
HP Digital Imaging Monitor.lnk.disabled [2010-4-14 1808]
McAfee Security Scan Plus.lnk.disabled [2010-7-26 1611]
Sonic CinePlayer Quick Launch.lnk.disabled [2009-12-17 773]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 03:04 86528 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeBridge"=
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EzPrint"="c:\program files\Lexmark 3600-4600 Series\ezprint.exe"
"Fax Machine"=
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"hikinof"="rundll32" "c:\windows\system32\vibevij.dll" ,r
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NVHotkey"=rundll32.exe nvHotkey.dll,Start
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /installquiet
"OEM02Mon.exe"=c:\windows\OEM02Mon.exe
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" /startup
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\WINDOWS\\system32\\lxdxcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxlscn.exe"=
"c:\\Documents and Settings\\laura\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\laura\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxwbgw.exe"=
"c:\\Documents and Settings\\laura\\Application Data\\Macromedia\\Flash Player\\"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"6088:TCP"= 6088:TCP:spport
"5558:TCP"= 5558:TCP:spport
"11903:TCP"= 11903:TCP:spport
"21178:TCP"= 21178:TCP:spport
"12746:TCP"= 12746:TCP:spport
.
R1 SASDIFSV;SASDIFSV;c:\docume~1\laura\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\docume~1\laura\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-08-02 288112]
R3 cpuz134;cpuz134;c:\docume~1\laura\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-06 664064]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-06-30 242600]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-06-30 29400]
S2 AbtSvcHost;AbtSvcHost;c:\windows\system32\AbtSvcHost_.exe [2010-07-12 49584]
S2 aswFsBlk;aswFsBlk; [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-03-09 366000]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2009-10-16 589824]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2008-02-27 98984]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2010-07-09 196928]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-07-09 65856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-299502267-839522115-1003Core.job
- c:\documents and settings\laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-08 23:21]
.
2011-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-299502267-839522115-1003UA.job
- c:\documents and settings\laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-08 23:21]
.
2011-05-03 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-11 21:23]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
FF - ProfilePath - c:\documents and settings\laura\Application Data\Mozilla\Firefox\Profiles\ouswtyky.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {87BC5F78-DB0A-473F-A1E2-9EB80EDA44C2} - c:\documents and settings\laura\Local Settings\Application Data\{87BC5F78-DB0A-473F-A1E2-9EB80EDA44C2}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - c:\documents and settings\laura\Application Data\NetAssistant
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
SafeBoot-Wdf01000.sys
HKLM_ActiveSetup-{3081C8F7-5710-4508-B8E1-BA5BB59FEC43} - c:\documents and settings\laura\Application Data\Sun\gurfoat.dll
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-01 09:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\program files\Fingerprint Reader Suite\homepass.dll
c:\program files\Fingerprint Reader Suite\bio.dll
c:\program files\Fingerprint Reader Suite\remote.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(2576)
c:\windows\system32\WININET.dll
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
.
**************************************************************************
.
Completion time: 2011-08-01 09:12:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-01 13:12
.
Pre-Run: 226,780,004,352 bytes free
Post-Run: 228,898,832,384 bytes free
.
- - End Of File - - 594CEE3A111F15997CEC5F0B4F700F50
 
How is computer doing?

Uninstall Yontoo Layers Runtime 1.10.01.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Sorry for the late reply...The computer was working great from the previous stuff we did. Google redirects where gone and it was shutting down and rebooting fine. Unfortunately, it is a family member of mines and she was too impatient to get it back so I wasnt able to perform the last bits from the last post you wrote up. I did forward the information in hopes she would do it and send it back to me but that doesn't at all seem likely. I guess we can call this one closed since I won't be able to work on it anymore. Many thanks...I hope the stuff we did before was sufficient to keep her from coming back :)
 
Status
Not open for further replies.

Similar threads

C
Solved Malware \ProductData + possibly more, on two devices
Replies
4
Views
7K
Broni
Broni
S
  • Locked
Inactive Please help: Infected-or-not?
Replies
2
Views
3K
Broni
Broni
B
Solved MachineLearning/Anomalous.94%
2
Replies
29
Views
11K
Broni
Broni

Latest posts

Back