
Possible Malware


king011

Hello,

Lately MSE (Microsoft Security Essentials) has been detecting a lot of malware on my computer, and obviously I have been removing it straight away via MSE. However, I'm not sure if my computer is totally malware free because it seems to be lagging a bit in terms of when using Google Chrome and in general. Could you please help me to determine whether my computer is malware free or not?

Also, OTL created an extras.txt; do you want me to upload that too?

Many Thanks
Regards
King011




OTL logfile created on: 20/10/2011 15:12:48 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hussains\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.12% Memory free
4.23 Gb Paging File | 3.00 Gb Available in Paging File | 71.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 155.00 Gb Free Space | 69.58% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.28 Gb Free Space | 62.76% Space Free | Partition Type: NTFS
Drive K: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 7.47 Gb Total Space | 7.27 Gb Free Space | 97.33% Space Free | Partition Type: FAT32

Computer Name: HUSSAINS-PC | User Name: Hussains | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/20 15:05:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hussains\Desktop\OTL.exe
PRC - [2011/09/25 18:59:56 | 001,636,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/06/30 09:37:28 | 001,793,712 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/06/30 09:37:06 | 002,554,696 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/06/23 11:26:40 | 009,936,776 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\EASEUS Data Recovery Wizard 5.5.1 Demo\DRW0.exe
PRC - [2011/06/23 11:26:40 | 000,200,072 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\EASEUS Data Recovery Wizard 5.5.1 Demo\DRW.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/04/06 14:07:42 | 000,439,768 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/25 19:01:52 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2011/09/19 20:38:08 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/23 11:26:42 | 000,073,096 | ---- | M] () -- C:\Program Files\EASEUS\EASEUS Data Recovery Wizard 5.5.1 Demo\PubLog.dll
MOD - [2011/06/23 11:26:42 | 000,049,544 | ---- | M] () -- C:\Program Files\EASEUS\EASEUS Data Recovery Wizard 5.5.1 Demo\AutoUpdate.dll
MOD - [2011/05/05 15:13:26 | 000,069,632 | ---- | M] () -- C:\Program Files\EASEUS\EASEUS Data Recovery Wizard 5.5.1 Demo\gc.dll
MOD - [2006/11/05 10:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 10:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/06/30 09:37:28 | 001,793,712 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/04/06 14:10:56 | 000,223,704 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2007/04/06 14:10:22 | 000,272,856 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel®
SRV - [2007/04/06 14:10:08 | 000,449,496 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2007/04/06 14:08:58 | 000,158,168 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2007/04/06 14:08:36 | 000,036,312 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2007/04/06 14:08:24 | 000,039,896 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel®
SRV - [2007/04/06 14:08:14 | 000,059,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2007/04/06 14:07:46 | 000,313,816 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel®
SRV - [2007/04/06 14:06:48 | 000,256,472 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/12 10:46:34 | 000,208,896 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)


========== Driver Services (SafeList) ==========

DRV - [2011/10/20 14:03:38 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{904FE940-D844-4F44-A025-F261A83950A2}\MpKsl542748f5.sys -- (MpKsl542748f5)
DRV - [2011/10/18 13:46:25 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys -- (RapportCerberus_32029)
DRV - [2011/09/25 19:00:08 | 000,161,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/09/25 19:00:08 | 000,070,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/06/30 09:37:58 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/06/30 09:37:56 | 000,238,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/06/30 09:37:56 | 000,036,568 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/03/24 05:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/23 16:54:54 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/04/29 09:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/06 14:10:40 | 000,014,808 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=uk&ibd=4070823
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hussains\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hussains\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hussains\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\Hussains\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Hussains\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Hussains\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = c:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/02 14:13:07 | 000,437,206 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15040 more lines...
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hussains\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hussains\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9C6B6EF-F0B8-4D7C-8325-36A8868F34D3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9C6B6EF-F0B8-4D7C-8325-36A8868F34D3}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) -C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 13:26:23 | 000,000,309 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8bf78371-de26-11e0-8c89-001aa091331d}\Shell - "" = AutoRun
O33 - MountPoints2\{8bf78371-de26-11e0-8c89-001aa091331d}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007/10/23 08:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/20 15:05:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Hussains\Desktop\OTL.exe
[2011/10/20 14:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Data Recovery Wizard 5.5.1 Demo
[2011/10/20 14:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011/10/20 14:21:42 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recover My Files v4
[2011/10/20 14:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\GetData
[2011/10/20 14:13:49 | 000,000,000 | ---D | C] -- C:\Users\Hussains\Documents\UNI
[2011/10/17 22:43:16 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\Downloaded Installations
[2011/10/12 18:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/12 18:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/12 18:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/12 18:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/12 17:54:27 | 000,000,000 | ---D | C] -- C:\Users\Hussains\Documents\Theory Test
[2011/10/08 13:19:05 | 000,000,000 | ---D | C] -- C:\Users\Hussains\Desktop\old
[2011/10/08 13:18:28 | 000,000,000 | ---D | C] -- C:\Users\Hussains\Desktop\bouquets
[2011/10/08 13:18:20 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DreamBoxEdit
[2011/10/08 13:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\DreamBoxEdit
[2011/10/08 13:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\FlashFXP 4
[2011/10/08 13:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\FlashFXP
[2011/10/08 12:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/10/05 21:33:44 | 000,000,000 | ---D | C] -- C:\Users\Hussains\Documents\DVDVideoSoft
[2011/09/25 19:00:08 | 000,056,336 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/09/22 20:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2011/09/22 20:52:30 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Hussains\Desktop\TFC.exe

========== Files - Modified Within 30 Days ==========

[2011/10/20 15:05:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hussains\Desktop\OTL.exe
[2011/10/20 14:50:05 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2072669260-3456327829-1688835100-1001UA.job
[2011/10/20 14:45:25 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard 5.5.1 Demo.lnk
[2011/10/20 14:21:44 | 000,001,031 | ---- | M] () -- C:\Users\Hussains\Desktop\Recover My Files.lnk
[2011/10/20 14:13:42 | 000,002,305 | ---- | M] () -- C:\Users\Hussains\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/20 14:05:52 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/20 14:05:52 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/20 13:59:39 | 000,035,949 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/20 13:59:37 | 000,035,949 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/20 13:59:13 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/20 13:59:13 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/20 13:59:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/20 13:59:00 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/14 22:02:08 | 000,000,680 | ---- | M] () -- C:\Users\Hussains\AppData\Local\d3d9caps.dat
[2011/10/13 17:55:45 | 000,016,586 | ---- | M] () -- C:\Users\Hussains\Desktop\45144009_12_f.jpg
[2011/10/12 21:30:36 | 000,427,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/12 18:46:14 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/12 18:44:53 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/11 21:02:18 | 000,017,033 | ---- | M] () -- C:\Users\Hussains\Desktop\adidas-f50-adizero-synthetic-fg-boots-black-us10-.jpg
[2011/10/11 20:49:20 | 000,011,455 | ---- | M] () -- C:\Users\Hussains\Desktop\Receipt of boots.jpg
[2011/10/11 20:40:14 | 000,104,422 | ---- | M] () -- C:\Users\Hussains\Desktop\Screenshot 4.jpg
[2011/10/11 20:39:49 | 000,103,334 | ---- | M] () -- C:\Users\Hussains\Desktop\Screenshot 3.jpg
[2011/10/11 20:39:09 | 000,140,441 | ---- | M] () -- C:\Users\Hussains\Desktop\Screenshot 2.jpg
[2011/10/11 20:39:02 | 000,140,441 | ---- | M] () -- C:\Users\Hussains\Desktop\Screenshot.jpg
[2011/10/11 19:53:22 | 000,083,443 | ---- | M] () -- C:\Users\Hussains\Desktop\IMG00041-20111011-2053.jpg
[2011/10/11 19:53:10 | 000,081,458 | ---- | M] () -- C:\Users\Hussains\Desktop\IMG00040-20111011-2053.jpg
[2011/10/11 17:49:27 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/08 13:18:20 | 000,000,854 | ---- | M] () -- C:\Users\Hussains\Desktop\DreamBoxEdit.lnk
[2011/10/08 13:17:25 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\FlashFXP.lnk
[2011/10/08 13:14:02 | 003,448,536 | ---- | M] () -- C:\Users\Hussains\Desktop\FlashFXP41_1655_Setup.exe
[2011/10/08 12:59:33 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/10/05 14:51:13 | 000,002,059 | ---- | M] () -- C:\Users\Hussains\Desktop\Google Chrome.lnk
[2011/10/05 14:51:13 | 000,002,021 | ---- | M] () -- C:\Users\Hussains\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/09/23 11:49:22 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/09/23 11:49:18 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011/09/22 20:57:17 | 000,001,756 | ---- | M] () -- C:\Users\Hussains\Desktop\Update Checker.lnk
[2011/09/22 20:52:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Hussains\Desktop\TFC.exe

========== Files Created - No Company Name ==========

[2011/10/20 14:45:25 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard 5.5.1 Demo.lnk
[2011/10/20 14:21:44 | 000,001,031 | ---- | C] () -- C:\Users\Hussains\Desktop\Recover My Files.lnk
[2011/10/13 17:55:52 | 000,016,586 | ---- | C] () -- C:\Users\Hussains\Desktop\45144009_12_f.jpg
[2011/10/12 18:46:14 | 000,002,305 | ---- | C] () -- C:\Users\Hussains\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/12 18:44:53 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/11 21:02:18 | 000,017,033 | ---- | C] () -- C:\Users\Hussains\Desktop\adidas-f50-adizero-synthetic-fg-boots-black-us10-.jpg
[2011/10/11 20:56:52 | 000,083,443 | ---- | C] () -- C:\Users\Hussains\Desktop\IMG00041-20111011-2053.jpg
[2011/10/11 20:56:52 | 000,081,458 | ---- | C] () -- C:\Users\Hussains\Desktop\IMG00040-20111011-2053.jpg
[2011/10/11 20:49:06 | 000,011,455 | ---- | C] () -- C:\Users\Hussains\Desktop\Receipt of boots.jpg
[2011/10/11 20:40:14 | 000,104,422 | ---- | C] () -- C:\Users\Hussains\Desktop\Screenshot 4.jpg
[2011/10/11 20:39:49 | 000,103,334 | ---- | C] () -- C:\Users\Hussains\Desktop\Screenshot 3.jpg
[2011/10/11 20:39:08 | 000,140,441 | ---- | C] () -- C:\Users\Hussains\Desktop\Screenshot 2.jpg
[2011/10/11 20:38:33 | 000,140,441 | ---- | C] () -- C:\Users\Hussains\Desktop\Screenshot.jpg
[2011/10/08 13:18:20 | 000,000,854 | ---- | C] () -- C:\Users\Hussains\Desktop\DreamBoxEdit.lnk
[2011/10/08 13:17:25 | 000,000,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashFXP.lnk
[2011/10/08 13:17:25 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\FlashFXP.lnk
[2011/10/08 13:13:29 | 003,448,536 | ---- | C] () -- C:\Users\Hussains\Desktop\FlashFXP41_1655_Setup.exe
[2011/10/08 12:59:33 | 000,000,969 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/10/08 12:59:33 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/09/22 20:57:17 | 000,001,786 | ---- | C] () -- C:\Users\Hussains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2011/09/22 20:57:17 | 000,001,756 | ---- | C] () -- C:\Users\Hussains\Desktop\Update Checker.lnk
[2011/09/22 09:20:56 | 000,000,680 | ---- | C] () -- C:\Users\Hussains\AppData\Local\d3d9caps.dat
[2011/08/22 21:28:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/08/22 21:12:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/08/22 21:12:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/08/21 19:15:27 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/08/21 19:15:27 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/08/21 19:15:27 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/08/21 19:15:27 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/08/21 19:15:27 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/08/21 19:15:27 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/08/21 19:15:27 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/08/21 19:15:27 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/08/21 19:15:27 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/08/21 19:15:27 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/08/21 19:15:27 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/08/21 19:15:27 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/08/21 19:15:27 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/08/21 19:15:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/08/21 19:15:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/08/21 19:15:27 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/08/21 19:15:27 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/08/21 19:15:27 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/08/21 19:15:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/08/21 18:19:23 | 000,022,016 | ---- | C] () -- C:\Users\Hussains\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/21 18:11:06 | 000,035,949 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/08/21 18:11:06 | 000,035,949 | ---- | C] () -- C:\ProgramData\nvModes.001
[2006/11/10 14:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 20:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,427,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2003/08/07 14:01:52 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

========== LOP Check ==========

[2011/09/05 01:49:18 | 000,000,000 | ---D | M] -- C:\Users\Hussains\AppData\Roaming\DVDVideoSoft
[2011/09/05 01:49:09 | 000,000,000 | ---D | M] -- C:\Users\Hussains\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/09/05 04:35:54 | 000,000,000 | ---D | M] -- C:\Users\Hussains\AppData\Roaming\f-secure
[2011/09/04 20:14:58 | 000,000,000 | ---D | M] -- C:\Users\Hussains\AppData\Roaming\Research In Motion
[2011/10/06 18:26:16 | 000,000,000 | ---D | M] -- C:\Users\Hussains\AppData\Roaming\uTorrent
[2011/10/20 08:09:29 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello king011 and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Your OTL log is clean. No trace of malware. Let's see other logs.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

    :Commands
    [purity]
    [emtpytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
It would be helpful if you could post each log in a separate post.
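One way to triage the GMER log that Step 2 asks for, as an added example that is not part of maliprog's post or of GMER itself: the Python sketch below groups every reported hook by the module it points into and flags any hook it cannot attribute. The sample lines are in GMER's output format; all but the last appear in the log posted later in this thread, the last is constructed, and the function names (`triage`, `le_pointers`, `summarize`) are this example's own.

```python
import re
from collections import Counter

# Lines in GMER's log format. All but the last appear in the GMER log posted
# later in this thread; the last (a JMP with no owning module) is constructed.
SAMPLE_LOG = r"""
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8E30EFC0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8E30FA56]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8E30FBD4]
.text ntkrnlpa.exe!KeSetEvent + 191 82AAE914 4 Bytes [C0, EF, 30, 8E]
.text ntkrnlpa.exe!KeSetEvent + 2D1 82AAEA54 8 Bytes [D4, FB, 30, 8E, 7C, 32, 31, ...] {AAM 0xfb; XOR [ESI-0x71cecd84], CL}
.text C:\Windows\system32\services.exe[700] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[700] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[700] services.exe 00FD1628 4 Bytes [60, E1, 01, 10]
.text C:\Windows\system32\lsass.exe[716] ntdll.dll!NtClose 77754164 5 Bytes JMP 00A31F40
"""

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+\.sys)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
JMP_RE = re.compile(
    r"^\.text\s+(?P<where>.+?)\s+[0-9A-F]{8}\s+\d+ Bytes\s+"
    r"JMP (?P<target>[0-9A-F]{8})(?:\s+(?P<module>.+))?$")
BYTES_RE = re.compile(
    r"^\.text\s+(?P<where>.+?)\s+[0-9A-F]{8}\s+\d+ Bytes\s+\[(?P<bytes>[^\]]*)\]")


def basename(module):
    """Strip a trailing '(Vendor)' note and the directory part of a module path."""
    return re.sub(r"\s+\([^()]*\)$", "", module).rsplit("\\", 1)[-1]


def le_pointers(byte_field):
    """Decode 'C0, EF, 30, 8E' into little-endian 32-bit values.

    GMER ends long patches with '...'; decoding stops there and an
    incomplete trailing group is dropped.
    """
    vals = []
    for tok in (t.strip() for t in byte_field.split(",")):
        if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            break
        vals.append(int(tok, 16))
    return [int.from_bytes(bytes(vals[i:i + 4]), "little")
            for i in range(0, len(vals) - 3, 4)]


def triage(log_text):
    """Return (location, address, owner, basis) for every hook in the log."""
    ssdt = {}      # hook address -> (driver, Zw* function)
    ranges = {}    # module -> (lowest, highest) JMP target GMER attributed to it
    jmps, patches = [], []
    for line in (l.strip() for l in log_text.splitlines()):
        if m := SSDT_RE.match(line):
            ssdt[int(m["addr"], 16)] = (basename(m["module"]), m["func"])
        elif m := JMP_RE.match(line):
            target = int(m["target"], 16)
            owner = basename(m["module"]) if m["module"] else None
            jmps.append((m["where"], target, owner))
            if owner:
                lo, hi = ranges.get(owner, (target, target))
                ranges[owner] = (min(lo, target), max(hi, target))
        elif m := BYTES_RE.match(line):
            patches.extend((m["where"], p) for p in le_pointers(m["bytes"]))

    def attribute(addr):
        # An exact match on an SSDT hook address is strong evidence; falling
        # inside the span of a module's known JMP targets is only a heuristic.
        if addr in ssdt:
            return ssdt[addr][0], "equals SSDT hook " + ssdt[addr][1]
        for owner, (lo, hi) in ranges.items():
            if lo <= addr <= hi:
                return owner, "inside JMP-target range (heuristic)"
        return "UNATTRIBUTED", "no owning module found"

    findings = [("SSDT " + func, addr, drv, "named by GMER")
                for addr, (drv, func) in ssdt.items()]
    for where, target, owner in jmps:
        findings.append((where, target, owner, "named by GMER") if owner
                        else (where, target, *attribute(target)))
    for where, ptr in patches:
        findings.append((where, ptr, *attribute(ptr)))
    return findings


def summarize(findings):
    """Count hooks per owning module."""
    return Counter(owner for _, _, owner, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for where, addr, owner, basis in results:
        print(f"{owner:14} 0x{addr:08X}  {where}  [{basis}]")
    print(dict(summarize(results)))
```

A module name in the log only says where a hook lands; whether that file is the genuine security product is a separate check (path, signature, installed software).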

#3
king011

    Member

  • Topic Starter
  • 58 posts
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
========== COMMANDS ==========
Error: Unable to interpret <[emtpytemp]> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 10252011_180910

#4
king011

    Member

  • Topic Starter
  • 58 posts
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-25 19:14:16
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 ST3250820AS rev.3.ADG
Running: mf3q6bjw.exe; Driver: C:\Users\Hussains\AppData\Local\Temp\uxddykoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8E30EFC0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8E30FA56]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8E30FBD4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8E31327C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8E3132AE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8E313410]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8E30FB2C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x8E30F104]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8E30F2F6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8E30F428]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8E313386]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8E3132F0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8E313322]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8E313354]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8E30EF66]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8E30FC40]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8E313214]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8E30EF02]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x8E30EE56]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x8E30EE9E]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys ZwCreateThreadEx [0x8DD1F620]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 191 82AAE914 4 Bytes [C0, EF, 30, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1D9 82AAE95C 4 Bytes [56, FA, 30, 8E]
.text ntkrnlpa.exe!KeSetEvent + 2D1 82AAEA54 8 Bytes [D4, FB, 30, 8E, 7C, 32, 31, ...] {AAM 0xfb; XOR [ESI-0x71cecd84], CL}
.text ntkrnlpa.exe!KeSetEvent + 2E1 82AAEA64 4 Bytes [AE, 32, 31, 8E]
.text ntkrnlpa.exe!KeSetEvent + 381 82AAEB04 4 Bytes [10, 34, 31, 8E]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\spoolsv.exe[528] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[528] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[528] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[528] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[528] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[528] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[528] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[528] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[528] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[528] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[528] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[528] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[596] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[596] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[596] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[596] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[596] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[596] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[596] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[596] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[596] RPCRT4.dll!RpcServerRegisterIfEx 7685929C 5 Bytes JMP 1001F040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[596] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[596] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[596] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[596] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!RegisterRawInputDevices 764F6161 5 Bytes JMP 10018E40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SetWindowsHookExA 764F6322 5 Bytes JMP 1001CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SystemParametersInfoA 764F82E1 7 Bytes JMP 1001C5D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!GetAsyncKeyState 764F863C 5 Bytes JMP 10019060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SetWindowsHookExW 764F87AD 5 Bytes JMP 1001C7F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SendNotifyMessageW 764F93D6 5 Bytes JMP 1001A0A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!MoveWindow 764F989F 5 Bytes JMP 10018B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SetWinEventHook 764F9F3A 5 Bytes JMP 1001C0A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SetParent 764FA2AA 5 Bytes JMP 100188C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!PostThreadMessageA 764FBD34 5 Bytes JMP 1001B8C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!GetKeyboardState 764FBD7D 5 Bytes JMP 100195C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!RegisterHotKey 764FBDA5 5 Bytes JMP 10018080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!EnableWindow 764FCD8B 5 Bytes JMP 10017DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!PostMessageA 764FF8F8 5 Bytes JMP 1001BE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SendMessageA 764FF956 5 Bytes JMP 1001B380 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SendMessageTimeoutW 7650352D 5 Bytes JMP 1001AB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SendMessageCallbackW 76504570 5 Bytes JMP 1001A5E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!PostThreadMessageW 76507C8E 5 Bytes JMP 1001B620 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!GetKeyState 76508CB1 5 Bytes JMP 10019310 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!PostMessageW 7650A175 5 Bytes JMP 1001BB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SendMessageW 76510AED 5 Bytes JMP 1001B0E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SystemParametersInfoW 765111D8 7 Bytes JMP 1001C3B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SendDlgItemMessageA 7651275B 5 Bytes JMP 10019DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SetClipboardViewer 7651BA2D 5 Bytes JMP 100186C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SendNotifyMessageA 7651DFCF 5 Bytes JMP 1001A340 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!BlockInput 7651FF0A 5 Bytes JMP 100184C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SendMessageTimeoutA 76520006 5 Bytes JMP 1001AE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!mouse_event 7652044E 5 Bytes JMP 10029650 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SendDlgItemMessageW 76520E38 5 Bytes JMP 10019B40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SendInput 76522F75 5 Bytes JMP 10019870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!GetClipboardData 7653715A 5 Bytes JMP 100182B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!ExitWindowsEx 7653B7C3 5 Bytes JMP 10017BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!keybd_event 7654D972 5 Bytes JMP 10029860 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SendMessageCallbackA 76552CA7 5 Bytes JMP 1001A8A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] GDI32.dll!BitBlt 75DC70A6 5 Bytes JMP 100293C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] GDI32.dll!StretchBlt 75DC93D6 5 Bytes JMP 10028BE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] GDI32.dll!MaskBlt 75DCC5CB 5 Bytes JMP 10029110 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[664] GDI32.dll!PlgBlt 75DDEB50 5 Bytes JMP 10028E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[700] services.exe 00FD1628 4 Bytes [60, E1, 01, 10]
.text C:\Windows\system32\services.exe[700] services.exe 00FD1638 4 Bytes [40, DC, 01, 10]
.text C:\Windows\system32\services.exe[700] services.exe 00FD1658 4 Bytes [80, E4, 01, 10]
.text C:\Windows\system32\services.exe[700] services.exe 00FD1668 4 Bytes [C0, DE, 01, 10]
.text C:\Windows\system32\services.exe[700] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[700] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[700] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[700] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[700] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[700] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[700] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[700] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[700] RPCRT4.dll!RpcServerRegisterIfEx 7685929C 5 Bytes JMP 1001F040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[700] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[700] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[700] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[700] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[716] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[716] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[716] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[716] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[716] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[716] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[716] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[716] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[716] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[716] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[724] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[908] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[908] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[908] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[908] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[908] RPCRT4.dll!RpcServerRegisterIfEx 7685929C 5 Bytes JMP 1001F040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[908] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[908] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[908] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[908] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[952] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[952] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[952] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[952] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[952] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[952] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[952] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[952] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[952] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[952] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[952] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[952] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[980] RPCRT4.dll!RpcServerRegisterIfEx 7685929C 5 Bytes JMP 1001F040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[980] rpcss.dll!WhichService 74E23F84 8 Bytes JMP ED301001
.text C:\Windows\system32\svchost.exe[980] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[980] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[980] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[980] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1016] ntdll.dll!NtAllocateVirtualMemory 77753F84 5 Bytes JMP 00526240 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1016] ntdll.dll!NtCreateFile 77754224 5 Bytes JMP 0053F8A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1136] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1136] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1136] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1136] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1200] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1200] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1200] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1200] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1200] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1200] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1200] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1200] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1200] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1200] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1200] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1200] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1260] ntdll.dll!KiUserApcDispatcher 77755B48 5 Bytes JMP 00414DC0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1260] kernel32.dll!LoadLibraryExW + 173 775193EF 4 Bytes JMP 71AA000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1260] WS2_32.dll!getaddrinfo 778C418A 5 Bytes JMP 71A40022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1260] WS2_32.dll!gethostbyname 778D62D4 5 Bytes JMP 71AD0022
.text C:\Windows\System32\svchost.exe[1352] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1352] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1352] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1352] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1352] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1352] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1352] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1352] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1352] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1352] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1352] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1380] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1380] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1380] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1380] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1380] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1380] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1380] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1380] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1392] RPCRT4.dll!RpcServerRegisterIfEx 7685929C 5 Bytes JMP 1001F040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1392] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1392] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1392] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1392] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1504] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1504] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1504] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1504] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1504] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1504] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1504] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1504] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1504] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1504] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1504] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[1504] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1600] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1600] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1600] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1600] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1600] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1600] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1600] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1600] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1600] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1600] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1600] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1600] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1608] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1608] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1608] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1608] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1608] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1608] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1608] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1608] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1672] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1672] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1672] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1672] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1740] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1740] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1740] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1740] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1740] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1740] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1740] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1740] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1740] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1740] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1740] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1740] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1992] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1992] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1992] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1992] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1992] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1992] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1992] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1992] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1992] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1992] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1992] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1992] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[2188] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[2188] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[2188] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[2188] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[2188] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[2188] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[2188] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[2188] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[2188] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[2188] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[2188] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[2188] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2228] ntdll.dll!KiUserApcDispatcher 77755B48 5 Bytes JMP 00443F50 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2228] kernel32.dll!LoadLibraryExW + 173 775193EF 4 Bytes JMP 71AC000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2228] USER32.dll!InSendMessageEx + 3B1 764FE6B0 6 Bytes JMP 71AE001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2228] WS2_32.dll!getaddrinfo 778C418A 5 Bytes JMP 71A20022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2228] WS2_32.dll!gethostbyname 778D62D4 5 Bytes JMP 71A60022
.text C:\Windows\RtHDVCpl.exe[2312] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\RtHDVCpl.exe[2312] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\RtHDVCpl.exe[2312] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\RtHDVCpl.exe[2312] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\RtHDVCpl.exe[2312] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\RtHDVCpl.exe[2312] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\RtHDVCpl.exe[2312] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\RtHDVCpl.exe[2312] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\RtHDVCpl.exe[2312] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\RtHDVCpl.exe[2312] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\RtHDVCpl.exe[2312] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\RtHDVCpl.exe[2312] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[2360] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[2360] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[2360] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[2360] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[2360] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[2360] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[2360] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[2360] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[2360] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[2360] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[2360] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[2360] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2412] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2412] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2412] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2412] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2412] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2412] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2412] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2412] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2412] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2412] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2412] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2412] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[2416] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[2416] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[2416] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[2416] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[2416] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[2416] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[2416] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[2416] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[2416] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[2416] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[2416] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[2416] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[2428] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[2428] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[2428] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[2428] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[2428] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[2428] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[2428] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[2428] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[2428] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[2428] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[2428] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Client\msseces.exe[2428] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2440] ntdll.dll!NtAllocateVirtualMemory 77753F84 5 Bytes JMP 0076BD10 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2448] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2448] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2448] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2448] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2448] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2448] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2448] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2448] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2448] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2448] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2448] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2448] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[2472] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[2472] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[2472] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[2472] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[2472] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[2472] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[2472] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[2472] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[2472] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[2472] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[2472] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[2472] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2484] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2484] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2484] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2484] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2484] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2484] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2484] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2484] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2484] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2484] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2484] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2484] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2564] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2564] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2564] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2564] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2564] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2564] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2564] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2564] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2564] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2564] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2564] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2564] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2620] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2620] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2620] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2620] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2620] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2620] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2620] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2620] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2620] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2620] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2620] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2620] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2636] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2636] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2636] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2636] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2636] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2636] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehtray.exe[2692] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehtray.exe[2692] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehtray.exe[2692] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehtray.exe[2692] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehtray.exe[2692] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehtray.exe[2692] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehtray.exe[2692] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehtray.exe[2692] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehtray.exe[2692] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehtray.exe[2692] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehtray.exe[2692] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\ehome\ehtray.exe[2692] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2720] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2720] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2720] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2720] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2720] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2720] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2720] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2720] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2720] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2720] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2840] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2840] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2840] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2840] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2840] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2840] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2840] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2840] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2840] GDI32.dll!DeleteDC 75DC68CD 5 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2840] GDI32.dll!CreateDCW 75DCA91D 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2840] GDI32.dll!CreateDCA 75DCAA49 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2840] GDI32.dll!GetPixel 75DCBE90 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3344] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3344] ntdll.dll!LdrUnloadDll 7772B740 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3344] ntdll.dll!NtAlpcSendWaitReceivePort 777540C4 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3344] ntdll.dll!NtClose 77754164 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3344] kernel32.dll!CreateProcessW 774F1BF3 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3344] kernel32.dll!CreateProcessA 774F1C28 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3344] ADVAPI32.dll!CreateProcessAsUserA 7742CEB9 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3344] ADVAPI32.dll!CreateProcessAsUserW 77441EE9 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2440] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [0064A7F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2440] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [0064AB10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2440] @ C:\Windows\system32\ole32.dll [USER32.dll!RegisterClassW] [0064B240] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2440] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [0064ACE0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2440] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateThread] [0064B0F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2440] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0064BBA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2440] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0064B9D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2440] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0064BBA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2440] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0064B9D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2440] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [0064B0F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2440] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0064BA90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2440] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [0064BB10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#5
king011

    Member

  • Topic Starter
  • 58 posts
Hello,

I've posted the logs above.

If my computer has a rootkit and other malware on it, would installing Windows again eliminate it?


Thanks
King011

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi king011,

"If my computer has a rootkit and other malware on it, would installing Windows again eliminate it?"


Formatting and installing Windows is always the ultimate solution. We are here to try and remove malware so you don't have to reinstall your system :).

For now there are no rootkits visible in your logs.

Step 1

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post

Step 3

Please don't forget to include these items in your reply:

  • Malwarebytes log
  • VRT log
It would be helpful if you could post each log in a separate post

#7
king011

    Member

  • Topic Starter
  • 58 posts
Hello,

Thanks for the reply.

Both scans completed and did not detect anything.

However the computer is still slow and at times lags in comparison to before MSE detected the malware and this is through when generally using the internet.

Is there anything else that can be done?


Many Thanks
King011

Edited by king011, 28 October 2011 - 02:37 PM.

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi king011,

How is your system now? Any problems?

#9
king011

    Member

  • Topic Starter
  • 58 posts
Hello maliprog,

Like I said in my previous reply, "However the computer is still slow and at times lags in comparison to before MSE detected the malware and this is through when generally using the internet.

Is there anything else that can be done?"

Also, in the last couple of days MSE keeps detecting malware even though the computer hasn't been used much. :)

Many Thanks
King011

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi king011,

Can you tell me where it detects that malware (location) and its name? That could help us.

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If an infection is detected, the default setting for "action" should be Cure.
    • (If a suspicious file is detected, please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
Step 2

Download aswMBR.exe (511KB) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply
Step 3

Please don't forget to include these items in your reply:

  • aswMBR log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post

#11
king011

    Member

  • Topic Starter
  • 58 posts
Hello maliprog,

MSE states the names of the malware but not the location, and I think this is due to it being removed.

Names of malware:
  • Program:Win32/FakeBye
  • Trojan:Win32/Adbehavior
  • Backdoor:Win32/Blazgel.A
  • Backdoor:Win32/Poison.G
  • Trojan:Win32/Crasher
  • Backdoor:Win32/Xinia.C


Thanks
King011

Edited by king011, 31 October 2011 - 04:48 AM.

#12
king011

    Member

  • Topic Starter
  • 58 posts
10:56:44.0336 5756 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
10:56:46.0340 5756 ============================================================
10:56:46.0340 5756 Current date / time: 2011/10/31 10:56:46.0340
10:56:46.0340 5756 SystemInfo:
10:56:46.0340 5756
10:56:46.0340 5756 OS Version: 6.0.6002 ServicePack: 2.0
10:56:46.0340 5756 Product type: Workstation
10:56:46.0340 5756 ComputerName: HUSSAINS-PC
10:56:46.0341 5756 UserName: Hussains
10:56:46.0341 5756 Windows directory: C:\Windows
10:56:46.0341 5756 System windows directory: C:\Windows
10:56:46.0341 5756 Processor architecture: Intel x86
10:56:46.0341 5756 Number of processors: 2
10:56:46.0341 5756 Page size: 0x1000
10:56:46.0341 5756 Boot type: Normal boot
10:56:46.0341 5756 ============================================================
10:56:47.0892 5756 Initialize success
10:56:57.0426 1292 ============================================================
10:56:57.0426 1292 Scan started
10:56:57.0426 1292 Mode: Manual;
10:56:57.0426 1292 ============================================================
10:57:10.0557 1292 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
10:57:10.0557 1292 RimUsb - ok
10:57:10.0588 1292 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
10:57:10.0588 1292 RimVSerPort - ok
10:57:10.0620 1292 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
10:57:10.0620 1292 ROOTMODEM - ok
10:57:10.0682 1292 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:57:10.0682 1292 rspndr - ok
10:57:10.0744 1292 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:57:10.0744 1292 sbp2port - ok
10:57:10.0807 1292 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:57:10.0807 1292 secdrv - ok
10:57:10.0885 1292 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:57:10.0885 1292 Serenum - ok
10:57:10.0916 1292 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:57:10.0916 1292 Serial - ok
10:57:10.0947 1292 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:57:10.0947 1292 sermouse - ok
10:57:11.0025 1292 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
10:57:11.0025 1292 sffdisk - ok
10:57:11.0056 1292 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
10:57:11.0056 1292 sffp_mmc - ok
10:57:11.0072 1292 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
10:57:11.0072 1292 sffp_sd - ok
10:57:11.0103 1292 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:57:11.0103 1292 sfloppy - ok
10:57:11.0150 1292 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
10:57:11.0150 1292 sisagp - ok
10:57:11.0181 1292 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
10:57:11.0197 1292 SiSRaid2 - ok
10:57:11.0228 1292 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
10:57:11.0228 1292 SiSRaid4 - ok
10:57:11.0290 1292 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:57:11.0290 1292 Smb - ok
10:57:11.0353 1292 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:57:11.0353 1292 spldr - ok
10:57:11.0384 1292 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:57:11.0384 1292 srv - ok
10:57:11.0446 1292 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
10:57:11.0462 1292 srv2 - ok
10:57:11.0493 1292 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
10:57:11.0493 1292 srvnet - ok
10:57:11.0571 1292 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:57:11.0571 1292 swenum - ok
10:57:11.0618 1292 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:57:11.0618 1292 Symc8xx - ok
10:57:11.0649 1292 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:57:11.0649 1292 Sym_hi - ok
10:57:11.0696 1292 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:57:11.0696 1292 Sym_u3 - ok
10:57:11.0790 1292 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
10:57:11.0805 1292 Tcpip - ok
10:57:11.0868 1292 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
10:57:11.0868 1292 Tcpip6 - ok
10:57:11.0914 1292 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
10:57:11.0914 1292 tcpipreg - ok
10:57:11.0946 1292 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:57:11.0961 1292 TDPIPE - ok
10:57:11.0992 1292 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:57:11.0992 1292 TDTCP - ok
10:57:12.0039 1292 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:57:12.0039 1292 tdx - ok
10:57:12.0148 1292 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:57:12.0148 1292 TermDD - ok
10:57:12.0242 1292 TSHWMDTCP (de8829c9da8fa4eda99948f1b78da80a) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
10:57:12.0258 1292 TSHWMDTCP - ok
10:57:12.0367 1292 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:57:12.0367 1292 tssecsrv - ok
10:57:12.0398 1292 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:57:12.0398 1292 tunmp - ok
10:57:12.0429 1292 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:57:12.0429 1292 tunnel - ok
10:57:12.0476 1292 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
10:57:12.0476 1292 uagp35 - ok
10:57:12.0523 1292 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:57:12.0523 1292 udfs - ok
10:57:12.0585 1292 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
10:57:12.0585 1292 uliagpkx - ok
10:57:12.0616 1292 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
10:57:12.0632 1292 uliahci - ok
10:57:12.0648 1292 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:57:12.0663 1292 UlSata - ok
10:57:12.0694 1292 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:57:12.0694 1292 ulsata2 - ok
10:57:12.0741 1292 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:57:12.0741 1292 umbus - ok
10:57:12.0819 1292 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
10:57:12.0819 1292 USBAAPL - ok
10:57:12.0866 1292 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
10:57:12.0928 1292 usbaudio - ok
10:57:12.0975 1292 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:57:13.0006 1292 usbccgp - ok
10:57:13.0038 1292 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:57:13.0038 1292 usbcir - ok
10:57:13.0084 1292 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:57:13.0084 1292 usbehci - ok
10:57:13.0131 1292 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:57:13.0131 1292 usbhub - ok
10:57:13.0162 1292 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:57:13.0162 1292 usbohci - ok
10:57:13.0194 1292 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:57:13.0209 1292 usbprint - ok
10:57:13.0240 1292 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:57:13.0240 1292 usbscan - ok
10:57:13.0272 1292 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:57:13.0272 1292 USBSTOR - ok
10:57:13.0334 1292 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:57:13.0334 1292 usbuhci - ok
10:57:13.0396 1292 uti5mzy3 (524d8d450622db4a7875b111c299a76b) C:\Windows\system32\Drivers\uti5mzy3.sys
10:57:13.0428 1292 uti5mzy3 - ok
10:57:13.0474 1292 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
10:57:13.0474 1292 vga - ok
10:57:13.0506 1292 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:57:13.0506 1292 VgaSave - ok
10:57:13.0537 1292 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
10:57:13.0552 1292 viaagp - ok
10:57:13.0584 1292 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
10:57:13.0584 1292 ViaC7 - ok
10:57:13.0630 1292 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
10:57:13.0630 1292 viaide - ok
10:57:13.0662 1292 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:57:13.0662 1292 volmgr - ok
10:57:13.0708 1292 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:57:13.0724 1292 volmgrx - ok
10:57:13.0755 1292 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:57:13.0755 1292 volsnap - ok
10:57:13.0802 1292 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
10:57:13.0802 1292 vsmraid - ok
10:57:13.0849 1292 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:57:13.0849 1292 WacomPen - ok
10:57:13.0880 1292 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:57:13.0880 1292 Wanarp - ok
10:57:13.0896 1292 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:57:13.0896 1292 Wanarpv6 - ok
10:57:13.0942 1292 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
10:57:13.0942 1292 Wd - ok
10:57:13.0974 1292 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:57:13.0989 1292 Wdf01000 - ok
10:57:14.0114 1292 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
10:57:14.0114 1292 WmiAcpi - ok
10:57:14.0239 1292 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:57:14.0239 1292 ws2ifsl - ok
10:57:14.0317 1292 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:57:14.0317 1292 WUDFRd - ok
10:57:14.0364 1292 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:57:14.0379 1292 \Device\Harddisk0\DR0 - ok
10:57:14.0395 1292 Boot (0x1200) (059f491007efe3185fbf6a2b0779492c) \Device\Harddisk0\DR0\Partition0
10:57:14.0395 1292 \Device\Harddisk0\DR0\Partition0 - ok
10:57:14.0395 1292 Boot (0x1200) (11c4f16be2c88f78ee8f93e3143e9d58) \Device\Harddisk0\DR0\Partition1
10:57:14.0395 1292 \Device\Harddisk0\DR0\Partition1 - ok
10:57:14.0410 1292 ============================================================
10:57:14.0410 1292 Scan finished
10:57:14.0410 1292 ============================================================
10:57:14.0473 1672 Detected object count: 0
10:57:14.0473 1672 Actual detected object count: 0
10:57:50.0790 1512 Deinitialize success

#13
king011

    Member

  • Topic Starter
  • 58 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-31 10:59:25
-----------------------------
10:59:25.082 OS Version: Windows 6.0.6002 Service Pack 2
10:59:25.082 Number of processors: 2 586 0xF02
10:59:25.082 ComputerName: HUSSAINS-PC UserName: Hussains
10:59:42.788 Initialize success
11:00:37.912 AVAST engine defs: 11103100
11:00:40.861 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
11:00:40.861 Disk 0 Vendor: ST3250820AS 3.ADG Size: 238418MB BusType: 3
11:00:42.889 Disk 0 MBR read successfully
11:00:42.889 Disk 0 MBR scan
11:00:42.936 Disk 0 Windows VISTA default MBR code
11:00:42.951 Disk 0 scanning sectors +488278016
11:00:43.029 Disk 0 scanning C:\Windows\system32\drivers
11:00:59.784 Service scanning
11:01:00.564 Service MpKsl02d24b73 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C3A501D-7D9B-474C-A02E-BE83FAA4C95F}\MpKsl02d24b73.sys **LOCKED** 32
11:01:00.579 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
11:01:01.219 Modules scanning
11:01:17.911 Disk 0 trace - called modules:
11:01:17.942 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
11:01:17.942 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f50108]
11:01:17.958 3 CLASSPNP.SYS[889b88b3] -> nt!IofCallDriver -> [0x858094b8]
11:01:17.958 5 acpi.sys[8068a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x84e6e390]
11:01:18.925 AVAST engine scan C:\Windows
11:01:33.199 AVAST engine scan C:\Windows\system32
11:04:37.190 AVAST engine scan C:\Windows\system32\drivers
11:04:53.275 AVAST engine scan C:\Users\Hussains
11:08:30.832 AVAST engine scan C:\ProgramData
11:10:01.110 Scan finished successfully
11:23:20.110 Disk 0 MBR has been saved successfully to "C:\Users\Hussains\Desktop\MBR.dat"
11:23:20.110 The log file has been saved successfully to "C:\Users\Hussains\Desktop\aswMBR.txt"

#14
king011

    Member

  • Topic Starter
  • 58 posts
Hello maliprog,

I think the scan outcomes were clean; however, just to let you know, I suspect that there is definitely something wrong with the computer, because it takes its time performing simple actions such as watching a YouTube video, and if I open more than 3 YouTube videos at a time it makes the memory go through the roof; this did not occur before MSE detected malware.

Many Thanks
King011

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi king011,

You can find out the malware location if you open MSE and click on the History tab. Click on the malware in the list and find its location in the description below.

Let's try Combofix.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.