Bluescreen during malwarebytes scan, slow computer, malwarebytes blocking outgoing connections


  • This topic is locked
18 replies to this topic

#1 pixart8

Posted 08 August 2011 - 08:12 PM

Hi!

This is my first post and I really appreciate the Bleeping Computer team for providing such a wonderful service to people in need. I am using Windows 7 Ultimate. I have Symantec Norton Antivirus 2011, Avast Free Antivirus and Comodo Firewall installed. I update my system (Windows, antivirus, firewall, Acrobat etc.) regularly. Of late my system has been running slowly. The two antivirus programs catch infections every now and then (pendrives, malicious links). I run regular scans (both Norton and Avast), all of which almost never detect any infection and assure that my system is clean.

Yesterday I installed Malwarebytes Anti-Malware just to be sure that my computer doesn't have any infection. It was constantly (every 2-3 seconds) blocking outgoing connections from BitComet to different IPs located in China. Believing that the problem was in BitComet, I started uTorrent, and the result was the same for it as well: MBAM blocked outbound connections, albeit at a lower frequency. Then it blocked an inbound connection from svchost.exe. I just quit both the torrent clients and the notifications stopped. I then quit MBAM.

I started a Malwarebytes scan and while it was still running, it showed two infections. During the scan itself a blue screen came up and Windows crashed. Ignoring it, after a while I started the scan again and the same thing happened. Now I am not sure whether it's because of the scan or an infection, but during the 2-year life of my laptop, these were the 2nd and 3rd times a blue screen appeared. The first was when I had some problem with my wireless adapter.

In the Comodo Firewall summary window, I see svchost.exe has a continuous outbound connection, showing 100% Traffic for the svchost.exe process. Also, Comodo Firewall is blocking intrusions every minute, all to the same port as used by BitComet, and BitComet isn't even running right now.

I haven't been able to sleep since then. I am not sure whether all the problems (outgoing connections, svchost.exe, bluescreen) are related or I have multiple problems in my laptop.

Surprisingly, I find no inconsistencies with the laptop's performance otherwise. Everything is running normally, no strange behaviour, no page redirects, nothing. It is working well. I am just worried because I use it for financial transactions. Kindly help me: is it my paranoia, or is my laptop indeed infected? And what steps should I take to confirm it isn't?

Edited by pixart8, 08 August 2011 - 08:21 PM.


#2 Broni


Posted 08 August 2011 - 09:30 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


#3 pixart8


Posted 09 August 2011 - 08:12 AM

Hi! Thanks for the quick reply... it took me almost a whole day to complete the scan using GMER. No warning or anything. I am posting the results for all three things I was asked to do.


Results of screen317's Security Check version 0.99.7
Windows 7 Service Pack 1 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Mozilla Firefox (x86 en-GB..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````



######################################################################


MiniToolBox by Farbar
Ran by pe8ce (administrator) on 09-08-2011 at 09:34:51
Windows 7 Ultimate Service Pack 1 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=10.1.93.2 publish=Yes
add address name="Local Area Connection" address=10.1.93.91 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : pe8ce-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : <delete>
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : <delete>
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR928X Wireless Network Adapter
Physical Address. . . . . . . . . : <delete>
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8cd0:c7f4:2cc1:b691%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 09 August 2011 02:38:06
Lease Expires . . . . . . . . . . : 10 August 2011 02:38:16
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218113067
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-3B-08-C0-00-1D-BA-77-4F-09
DNS Servers . . . . . . . . . . . : 59.179.243.70
203.94.243.70
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : <delete>
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9BCA5D2F-A995-471B-9253-5EF3E124D11D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{12BC3DF8-EC37-44CA-A350-89A55DB10424}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2cbf:980d:c44e:dea5(Preferred)
Link-local IPv6 Address . . . . . : fe80::2cbf:980d:c44e:dea5%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: triband-del-59.179.243.70.bol.net.in
Address: 59.179.243.70

Name: google.com
Addresses: 74.125.236.82
74.125.236.83
74.125.236.84
74.125.236.80
74.125.236.81


Pinging google.com [74.125.236.49] with 32 bytes of data:
Reply from 74.125.236.49: bytes=32 time=77ms TTL=51
Reply from 74.125.236.49: bytes=32 time=178ms TTL=51

Ping statistics for 74.125.236.49:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 77ms, Maximum = 178ms, Average = 127ms
Server: triband-del-59.179.243.70.bol.net.in
Address: 59.179.243.70

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43


Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=271ms TTL=44
Reply from 67.195.160.76: bytes=32 time=346ms TTL=44

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 271ms, Maximum = 346ms, Average = 308ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...<delete> ......Microsoft Virtual WiFi Miniport Adapter
12...<delete> ......Bluetooth Device (Personal Area Network)
11...<delete> ......Atheros AR928X Wireless Network Adapter
10...<delete> ......Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
1...........................Software Loopback Interface 1
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 281
192.168.1.2 255.255.255.255 On-link 192.168.1.2 281
192.168.1.255 255.255.255.255 On-link 192.168.1.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.1.93.2 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:4137:9e76:2cbf:980d:c44e:dea5/128
On-link
11 281 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::2cbf:980d:c44e:dea5/128
On-link
11 281 fe80::8cd0:c7f4:2cc1:b691/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/09/2011 05:06:28 AM) (Source: Application Hang) (User: )
Description: The program Acrobat.exe version 10.1.0.534 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 50c

Start Time: 01cc5623d71fcf96

Termination Time: 22

Application Path: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe

Report Id: 369f827a-c217-11e0-a460-001dba774f09

Error: (08/09/2011 03:14:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: bitcomet.exe, version: 1.27.4.22, time stamp: 0x4db1516f
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e
Exception code: 0xc0000374
Fault offset: 0x000c37b7
Faulting process id: 0x1730
Faulting application start time: 0xbitcomet.exe0
Faulting application path: bitcomet.exe1
Faulting module path: bitcomet.exe2
Report Id: bitcomet.exe3

Error: (08/07/2011 04:54:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: BitComet.exe, version: 1.27.4.22, time stamp: 0x4db1516f
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e
Exception code: 0xc0000374
Fault offset: 0x000c37b7
Faulting process id: 0xf2c
Faulting application start time: 0xBitComet.exe0
Faulting application path: BitComet.exe1
Faulting module path: BitComet.exe2
Report Id: BitComet.exe3

Error: (08/06/2011 07:01:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: BitComet.exe, version: 1.27.4.22, time stamp: 0x4db1516f
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e
Exception code: 0xc0000374
Fault offset: 0x000c37b7
Faulting process id: 0xb14
Faulting application start time: 0xBitComet.exe0
Faulting application path: BitComet.exe1
Faulting module path: BitComet.exe2
Report Id: BitComet.exe3

Error: (08/05/2011 04:02:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: BitComet.exe, version: 1.27.4.22, time stamp: 0x4db1516f
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e
Exception code: 0xc0000374
Fault offset: 0x000c37b7
Faulting process id: 0x13a8
Faulting application start time: 0xBitComet.exe0
Faulting application path: BitComet.exe1
Faulting module path: BitComet.exe2
Report Id: BitComet.exe3

Error: (08/04/2011 05:33:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: bitcomet.exe, version: 1.27.4.22, time stamp: 0x4db1516f
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e
Exception code: 0xc0000374
Fault offset: 0x000c37b7
Faulting process id: 0x310
Faulting application start time: 0xbitcomet.exe0
Faulting application path: bitcomet.exe1
Faulting module path: bitcomet.exe2
Report Id: bitcomet.exe3

Error: (08/02/2011 11:16:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: mpc-hc.exe, version: 1.5.0.2827, time stamp: 0x4d469b2c
Faulting module name: QuickTime.qts, version: 7.69.80.9, time stamp: 0x4cf4536a
Exception code: 0xc0000005
Fault offset: 0x00009c3f
Faulting process id: 0x1384
Faulting application start time: 0xmpc-hc.exe0
Faulting application path: mpc-hc.exe1
Faulting module path: mpc-hc.exe2
Report Id: mpc-hc.exe3

Error: (08/02/2011 08:15:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: BitComet.exe, version: 1.27.4.22, time stamp: 0x4db1516f
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e
Exception code: 0xc0000374
Fault offset: 0x000c37b7
Faulting process id: 0x1d0
Faulting application start time: 0xBitComet.exe0
Faulting application path: BitComet.exe1
Faulting module path: BitComet.exe2
Report Id: BitComet.exe3

Error: (08/02/2011 00:29:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: mpc-hc.exe, version: 1.5.0.2827, time stamp: 0x4d469b2c
Faulting module name: QuickTime.qts, version: 7.69.80.9, time stamp: 0x4cf4536a
Exception code: 0xc0000005
Fault offset: 0x00009c3f
Faulting process id: 0xb3c
Faulting application start time: 0xmpc-hc.exe0
Faulting application path: mpc-hc.exe1
Faulting module path: mpc-hc.exe2
Report Id: mpc-hc.exe3

Error: (08/02/2011 00:53:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: Acrobat.exe, version: 10.1.0.534, time stamp: 0x4ded1a14
Faulting module name: Updater.api_unloaded, version: 0.0.0.0, time stamp: 0x4ded2983
Exception code: 0xc0000005
Fault offset: 0x732e635b
Faulting process id: 0x1254
Faulting application start time: 0xAcrobat.exe0
Faulting application path: Acrobat.exe1
Faulting module path: Acrobat.exe2
Report Id: Acrobat.exe3


System errors:
=============
Error: (08/08/2011 10:46:24 PM) (Source: BugCheck) (User: )
Description: 0x0000007a (0xc0417ec8, 0xc0000185, 0x41fb5860, 0x82fd9d31)C:\Windows\MEMORY.DMP080811-27752-01

Error: (08/08/2011 10:46:19 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 22:44:17 on ?08-?08-?2011 was unexpected.

Error: (08/08/2011 08:38:42 PM) (Source: BugCheck) (User: )
Description: 0x0000007a (0xc0418078, 0xc0000185, 0x4076d860, 0x8300fd31)C:\Windows\MEMORY.DMP080811-30638-01

Error: (08/08/2011 08:38:35 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 20:37:24 on ?08-?08-?2011 was unexpected.

Error: (08/08/2011 06:01:27 AM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (08/07/2011 02:44:44 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/06/2011 02:47:00 AM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (08/06/2011 02:01:39 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (08/05/2011 11:01:41 AM) (Source: DCOM) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}

Error: (08/05/2011 11:01:08 AM) (Source: DCOM) (User: )
Description: {C332C124-340D-4430-AA0D-C75602876FCC}


Microsoft Office Sessions:
=========================
Error: (08/09/2011 05:06:28 AM) (Source: Application Hang)(User: )
Description: Acrobat.exe10.1.0.53450c01cc5623d71fcf9622C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe369f827a-c217-11e0-a460-001dba774f09

Error: (08/09/2011 03:14:00 AM) (Source: Application Error)(User: )
Description: bitcomet.exe1.27.4.224db1516fntdll.dll6.1.7601.175144ce7b96ec0000374000c37b7173001cc5613f1883db1C:\Program Files\BitComet\bitcomet.exeC:\Windows\SYSTEM32\ntdll.dll8666ad93-c207-11e0-a460-001dba774f09

Error: (08/07/2011 04:54:17 PM) (Source: Application Error)(User: )
Description: BitComet.exe1.27.4.224db1516fntdll.dll6.1.7601.175144ce7b96ec0000374000c37b7f2c01cc543d55841744C:\Program Files\BitComet\BitComet.exeC:\Windows\SYSTEM32\ntdll.dllc946978a-c0e7-11e0-8cb3-0024338a5f63

Error: (08/06/2011 07:01:37 PM) (Source: Application Error)(User: )
Description: BitComet.exe1.27.4.224db1516fntdll.dll6.1.7601.175144ce7b96ec0000374000c37b7b1401cc543c25e1345aC:\Program Files\BitComet\BitComet.exeC:\Windows\SYSTEM32\ntdll.dll6853edf2-c030-11e0-8cb3-0024338a5f63

Error: (08/05/2011 04:02:05 PM) (Source: Application Error)(User: )
Description: BitComet.exe1.27.4.224db1516fntdll.dll6.1.7601.175144ce7b96ec0000374000c37b713a801cc5359fee3bfc7C:\Program Files\BitComet\BitComet.exeC:\Windows\SYSTEM32\ntdll.dll29852bc8-bf4e-11e0-be5e-0024338a5f63

Error: (08/04/2011 05:33:31 PM) (Source: Application Error)(User: )
Description: bitcomet.exe1.27.4.224db1516fntdll.dll6.1.7601.175144ce7b96ec0000374000c37b731001cc529e180855eaC:\Program Files\BitComet\bitcomet.exeC:\Windows\SYSTEM32\ntdll.dllc53841c3-be91-11e0-8b98-0024338a5f63

Error: (08/02/2011 11:16:37 PM) (Source: Application Error)(User: )
Description: mpc-hc.exe1.5.0.28274d469b2cQuickTime.qts7.69.80.94cf4536ac000000500009c3f138401cc513c1a1d51beC:\Program Files\Media Player Classic - Home Cinema\mpc-hc.exeC:\Program Files\QuickTime\QTSystem\QuickTime.qts5e95d8b2-bd2f-11e0-8fe0-001dba774f09

Error: (08/02/2011 08:15:00 PM) (Source: Application Error)(User: )
Description: BitComet.exe1.27.4.224db1516fntdll.dll6.1.7601.175144ce7b96ec0000374000c37b71d001cc512287dab0ceC:\Program Files\BitComet\BitComet.exeC:\Windows\SYSTEM32\ntdll.dllff131fdd-bd15-11e0-8fe0-001dba774f09

Error: (08/02/2011 00:29:29 PM) (Source: Application Error)(User: )
Description: mpc-hc.exe1.5.0.28274d469b2cQuickTime.qts7.69.80.94cf4536ac000000500009c3fb3c01cc50e1b126129aC:\Program Files\Media Player Classic - Home Cinema\mpc-hc.exeC:\Program Files\QuickTime\QTSystem\QuickTime.qtsf6e96995-bcd4-11e0-8fe0-001dba774f09

Error: (08/02/2011 00:53:52 AM) (Source: Application Error)(User: )
Description: Acrobat.exe10.1.0.5344ded1a14Updater.api_unloaded0.0.0.04ded2983c0000005732e635b125401cc508068e8ce9aC:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exeUpdater.apic9dc7e4a-bc73-11e0-bdec-0024338a5f63


=========================== Installed Programs ============================

µTorrent (Version: 2.2.1)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.0)
Adobe Digital Editions
Adobe Flash Player 10 ActiveX (Version: 10.3.181.16)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
AIMP2
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
avast! Free Antivirus (Version: 6.0.1203.0)
BitComet 1.27 (Version: 1.27)
BufferChm (Version: 130.0.331.000)
Bulk Rename Utility 2.7.1.2
Canon LBP3100/LBP3108/LBP3150
CCleaner (Version: 3.09)
Click to Call with Skype (Version: 5.5.8013)
COMODO Internet Security (Version: 5.3.50343.1263)
Destinations (Version: 130.0.0.0)
DHTML Editing Component (Version: 6.02.0001)
DocProc (Version: 13.0.0.0)
EASEUS Partition Master 9.0.0 Home Edition
ECL Viewer (Version: 6.0)
Everything 1.2.1.371
Fraps (remove only)
GOM Player (Version: 2.1.28.5039)
Google Talk Plugin (Version: 2.1.8.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Scanjet G2410 and 2400 (Version: 13.0)
HP Update (Version: 4.000.011.006)
hpg2410 (Version: 13.0.0.0)
IcoFX 1.6.4
Internet Download Manager
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
JDownloader 0.9 (Version: 0.9)
LockHunter version 1.0 beta 3, 32 bit edition
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Media Player Classic - Home Cinema v1.5.0.2827 (Version: 1.5.0.2827)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Personal Folders Backup (Version: 1.10.0.0)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (Version: 9.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MozBackup 1.5.1
Mozilla Firefox (3.6.16) (Version: 3.6.16 (en-US))
Mozilla Firefox 4.0.1 (x86 en-GB) (Version: 4.0.1)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4.0 redistributable (Version: 4.0.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.41.0)
Nokia Ovi Suite (Version: 3.1.0.84)
Nokia Ovi Suite Software Updater (Version: 02.07.004.45780)
Norton AntiVirus (Version: 18.6.0.29)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Ovi Desktop Sync Engine (Version: 1.5.257.0)
OviMPlatform (Version: 2.7.66.0)
PC Connectivity Solution (Version: 11.4.15.0)
Picasa 3 (Version: 3.8)
PowerISO (Version: 4.7)
QuickTime (Version: 7.69.80.9)
Radmin Viewer 3.4 (Version: 3.41.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5983)
Revo Uninstaller Pro 2.5.3 (Version: 2.5.3)
Samsung Universal Print Driver (Version: 2.02.05.00:24)
SAP Business Explorer (Version: 7.20)
SAP GUI for Windows 7.20 (Version: 7.20 Compilation 1)
SAP JNet
SAPSetup Automatic Workstation Update Service
Scan (Version: 13.0.0.0)
Skype™ 5.5 (Version: 5.5.113)
Startup Defender 1.9.5 (Version: 1.9.5)
STDU Viewer version 1.6.2.0 (Version: 1.6.2.0)
Stickies 7.1a
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 14.0.3.0)
vcredist_x86 (Version: 1.0.0)
VLC media player 1.1.10 (Version: 1.1.10)
WebReg (Version: 130.0.132.017)
Win7codecs (Version: 2.8.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Mobile Device Updater Component (Version: 04.07.1407.00)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
WordWeb Pro (Version: 6)

========================= Memory info: ===================================

Percentage of memory in use: 63%
Total physical RAM: 1914.98 MB
Available physical RAM: 706.89 MB
Total Pagefile: 3829.95 MB
Available Pagefile: 1891.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.01 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:39.97 GB) (Free:11.81 GB) NTFS
2 Drive d: () (Fixed) (Total:52.74 GB) (Free:30.36 GB) NTFS
3 Drive e: (DATA) (Fixed) (Total:128.75 GB) (Free:7.51 GB) NTFS

========================= Users: ========================================

User accounts for \\PE8CE-PC

Administrator Guest pe8ce


== End of log ==

#4 pixart8


Posted 09 August 2011 - 08:16 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-09 18:08:50
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2555GSX rev.FG001A
Running: 3durere8.exe; Driver: C:\Users\pe8ce\AppData\Local\Temp\ugloapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E41E202]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8E488DA4]
SSDT 867E4A18 ZwAlertResumeThread
SSDT 867E4AF8 ZwAlertThread
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9059AD8C]
SSDT 85FB1CB0 ZwAlpcConnectPort
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8E488F90]
SSDT 867E6A38 ZwAssignProcessToJobObject
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8E4880CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E4207F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E420848]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8E488A0A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E42095E]
SSDT 867E6FC0 ZwCreateMutant
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8E487FAE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8E48879E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E42079A]
SSDT 867E6758 ZwCreateSymbolicLinkObject
SSDT 867D7368 ZwCreateThread
SSDT 867E6848 ZwCreateThreadEx
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E42090C]
SSDT 867E6B18 ZwDebugActiveProcess
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E41E226]
SSDT 867E4008 ZwDuplicateObject
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9059AE3C]
SSDT 867E4858 ZwImpersonateAnonymousToken
SSDT 867E4938 ZwImpersonateThread
SSDT 860C7110 ZwLoadDriver
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8E488396]
SSDT 867E4170 ZwMapViewOfSection
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E41E24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E420D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E41ECDA]
SSDT 867E6F00 ZwOpenEvent
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E420870]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8E488BE6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E420988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E420772]
SSDT 867D7210 ZwOpenProcess
SSDT 867E4540 ZwOpenProcessToken
SSDT 867E6D40 ZwOpenSection
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E4207C8]
SSDT 867D7120 ZwOpenThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E420936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9059AED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E41EBA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8E48948A]
SSDT 867E4BD8 ZwResumeThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8E48973E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E41E26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E41E292]
SSDT 867E4E78 ZwSetContextThread
SSDT 867E4F38 ZwSetInformationProcess
SSDT 867E6BF8 ZwSetSystemInformation
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E41E186]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8E488300]
SSDT 867E6E20 ZwSuspendProcess
SSDT 867E4CB8 ZwSuspendThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8E488526]
SSDT 867D7468 ZwTerminateProcess
SSDT 867E4D98 ZwTerminateThread
SSDT 867E4090 ZwUnmapViewOfSection
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E41E2B6]
SSDT 867E4360 ZwWriteVirtualMemory

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x905B0398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82E4B339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E84D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82E8BDC0 4 Bytes [02, E2, 41, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82E8BDCC 12 Bytes [A4, 8D, 48, 8E, 18, 4A, 7E, ...] {MOVSB ; LEA ECX, [EAX-0x72]; SBB [EDX+0x7e], CL; XCHG AL, BH; DEC EDX; JLE 0xffffffffffffff92}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E8BDE8 4 Bytes [8C, AD, 59, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82E8BDF4 8 Bytes [B0, 1C, FB, 85, 90, 8F, 48, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82E8BE48 4 Bytes [38, 6A, 7E, 86]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83018B72 5 Bytes JMP 905ABD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 8303115E 5 Bytes JMP 905AD80A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8304625D 4 Bytes CALL 8E41F34B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8306002F 4 Bytes CALL 8E41F361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 830E9E6E 7 Bytes JMP 905B039C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text peauth.sys AF23BC9D 28 Bytes [5E, 2E, EE, D5, EA, C1, 27, ...]
.text peauth.sys AF23BCC1 28 Bytes [5E, 2E, EE, D5, EA, C1, 27, ...]
.text user32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes [E9, 0A, 5C, C9, 88] {JMP 0xffffffff88c95c0f}
.text user32.dll!UnhookWinEvent 7759B750 5 Bytes [E9, A7, 4C, C9, 88] {JMP 0xffffffff88c94cac}
.text user32.dll!SetWindowsHookExW 7759E30C 5 Bytes [E9, F3, 24, C9, 88] {JMP 0xffffffff88c924f8}
.text user32.dll!SetWinEventHook 775A24DC 5 Bytes [E9, 17, DD, C8, 88] {JMP 0xffffffff88c8dd1c}
.text user32.dll!SetWindowsHookExA 775C6D0C 5 Bytes [E9, EF, 98, C6, 88] {JMP 0xffffffff88c698f4}
.text user32.dll!EndTask 775DFD66 5 Bytes [E9, 25, E2, A4, 98] {JMP 0xffffffff98a4e22a}
.text advapi32.dll!CreateProcessAsUserA 77412538 5 Bytes [E9, 13, F6, C0, 98] {JMP 0xffffffff98c0f618}
.text ole32.dll!CoGetClassObject 770954AD 5 Bytes [E9, 1E, 8D, F9, 98] {JMP 0xffffffff98f98d23}
.text ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes [E9, BD, 46, F8, 98] {JMP 0xffffffff98f846c2}
.text kernel32.dll!CreateProcessW 76F7204D 5 Bytes [E9, 9E, 06, 0B, 99] {JMP 0xffffffff990b06a3}
.text kernel32.dll!CreateProcessA 76F72082 5 Bytes [E9, F9, 11, 0B, 99] {JMP 0xffffffff990b11fe}
.text kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes [E9, 6C, B8, 07, 99] {JMP 0xffffffff9907b871}
.text kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\spoolsv.exe[444] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[444] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[444] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[444] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[444] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[444] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[444] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[444] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\spoolsv.exe[444] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001003FC
.text C:\Windows\System32\spoolsv.exe[444] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00100804
.text C:\Windows\System32\spoolsv.exe[444] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\spoolsv.exe[444] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00100600
.text C:\Windows\System32\spoolsv.exe[444] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[444] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[444] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[444] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\csrss.exe[560] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[572] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[572] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[572] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[572] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[572] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[572] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[572] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[572] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[572] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[572] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[572] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[572] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\Dwm.exe[572] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[572] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[572] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[572] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[612] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 000C0A08
.text C:\Windows\system32\wininit.exe[612] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 000C03FC
.text C:\Windows\system32\wininit.exe[612] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 000C0804
.text C:\Windows\system32\wininit.exe[612] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wininit.exe[612] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 000C0600
.text C:\Windows\system32\wininit.exe[612] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\csrss.exe[628] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtAlpcSendWaitReceivePort 77D65418 5 Bytes JMP 100285D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[672] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[672] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\services.exe[672] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00190A08
.text C:\Windows\system32\services.exe[672] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001903FC
.text C:\Windows\system32\services.exe[672] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00190804
.text C:\Windows\system32\services.exe[672] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001901F8
.text C:\Windows\system32\services.exe[672] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00190600
.text C:\Windows\system32\services.exe[672] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[688] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 000A0A08
.text C:\Windows\system32\lsass.exe[688] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 000A03FC
.text C:\Windows\system32\lsass.exe[688] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 000A0804
.text C:\Windows\system32\lsass.exe[688] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 000A01F8
.text C:\Windows\system32\lsass.exe[688] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 000A0600
.text C:\Windows\system32\lsass.exe[688] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[692] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00180A08
.text C:\Windows\system32\svchost.exe[692] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[692] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00180804
.text C:\Windows\system32\svchost.exe[692] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[692] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00180600
.text C:\Windows\system32\svchost.exe[692] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\lsm.exe[696] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 001A0A08
.text C:\Windows\system32\lsm.exe[696] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001A03FC
.text C:\Windows\system32\lsm.exe[696] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 001A0804
.text C:\Windows\system32\lsm.exe[696] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001A01F8
.text C:\Windows\system32\lsm.exe[696] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 001A0600
.text C:\Windows\system32\lsm.exe[696] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\winlogon.exe[724] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[724] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[724] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[724] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 000C0A08
.text C:\Windows\system32\winlogon.exe[724] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 000C03FC
.text C:\Windows\system32\winlogon.exe[724] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 000C0804
.text C:\Windows\system32\winlogon.exe[724] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 000C01F8
.text C:\Windows\system32\winlogon.exe[724] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[800] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[800] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[800] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[800] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[800] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[800] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[800] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[800] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00370A08
.text C:\Windows\system32\svchost.exe[800] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 003703FC
.text C:\Windows\system32\svchost.exe[800] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00370804
.text C:\Windows\system32\svchost.exe[800] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 003701F8
.text C:\Windows\system32\svchost.exe[800] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00370600
.text C:\Windows\system32\svchost.exe[800] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[800] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[800] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[800] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[856] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[856] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[856] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[856] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00220A08
.text C:\Windows\system32\svchost.exe[856] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 002203FC
.text C:\Windows\system32\svchost.exe[856] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00220804
.text C:\Windows\system32\svchost.exe[856] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 002201F8
.text C:\Windows\system32\svchost.exe[856] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00220600
.text C:\Windows\system32\svchost.exe[856] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[952] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[952] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[952] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[952] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 004F0A08
.text C:\Windows\system32\svchost.exe[952] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 004F03FC
.text C:\Windows\system32\svchost.exe[952] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 004F0804
.text C:\Windows\system32\svchost.exe[952] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 004F01F8
.text C:\Windows\system32\svchost.exe[952] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 004F0600
.text C:\Windows\system32\svchost.exe[952] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1004] ntdll.dll!NtAllocateVirtualMemory 77D652D8 5 Bytes JMP 005190B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1004] ntdll.dll!NtCreateFile 77D655C8 5 Bytes JMP 00531040 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1004] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 001603FC
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1004] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 001601F8
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1004] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1004] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 002F0A08
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1004] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 002F03FC
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1004] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 002F0804
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1004] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 002F01F8
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1004] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 002F0600
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1084] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 009E0A08
.text C:\Windows\system32\svchost.exe[1084] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 009E03FC
.text C:\Windows\system32\svchost.exe[1084] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 009E0804
.text C:\Windows\system32\svchost.exe[1084] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 009E01F8
.text C:\Windows\system32\svchost.exe[1084] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 009E0600
.text C:\Windows\system32\svchost.exe[1084] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1084] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1084] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1140] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 003E0A08
.text C:\Windows\System32\svchost.exe[1140] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 003E03FC
.text C:\Windows\System32\svchost.exe[1140] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 003E0804
.text C:\Windows\System32\svchost.exe[1140] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 003E01F8
.text C:\Windows\System32\svchost.exe[1140] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 003E0600
.text C:\Windows\System32\svchost.exe[1140] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1140] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1140] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1148] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1148] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1148] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1148] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1148] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1148] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1148] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[1148] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1148] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00110A08
.text C:\Windows\Explorer.EXE[1148] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001103FC
.text C:\Windows\Explorer.EXE[1148] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00110804
.text C:\Windows\Explorer.EXE[1148] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001101F8
.text C:\Windows\Explorer.EXE[1148] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00110600
.text C:\Windows\Explorer.EXE[1148] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1148] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1148] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1184] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1184] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1184] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1184] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1184] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00250A08
.text C:\Windows\System32\svchost.exe[1184] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 002503FC
.text C:\Windows\System32\svchost.exe[1184] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00250804
.text C:\Windows\System32\svchost.exe[1184] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 002501F8
.text C:\Windows\System32\svchost.exe[1184] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00250600
.text C:\Windows\System32\svchost.exe[1184] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1184] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1184] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00260A08
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 002603FC
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00260804
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 002601F8
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00260600
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1240] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1240] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\taskmgr.exe[1308] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\taskmgr.exe[1308] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\taskmgr.exe[1308] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\taskmgr.exe[1308] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\taskmgr.exe[1308] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\taskmgr.exe[1308] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\taskmgr.exe[1308] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\System32\taskmgr.exe[1308] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\taskmgr.exe[1308] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00090A08
.text C:\Windows\System32\taskmgr.exe[1308] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 000903FC
.text C:\Windows\System32\taskmgr.exe[1308] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00090804
.text C:\Windows\System32\taskmgr.exe[1308] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 000901F8
.text C:\Windows\System32\taskmgr.exe[1308] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00090600
.text C:\Windows\System32\taskmgr.exe[1308] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\taskmgr.exe[1308] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\taskmgr.exe[1308] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00180A08
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00180804
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00180600
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001403FC
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00140804
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001401F8
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00140600
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[1568] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IDMan.exe[1580] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1652] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1652] ntdll.dll!LdrUnloadDll 77D7C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1652] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1652] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1652] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1652] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1652] kernel32.dll!SetUnhandledExceptionFilter 76FBF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1652] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1652] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1652] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00230A08
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 002303FC
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00230804
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 002301F8
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00230600
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\. DOWNLOADS\IDM\3durere8.exe[1736] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1804] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1804] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1804] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1804] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1804] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 008E0A08
.text C:\Windows\system32\svchost.exe[1804] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 008E03FC
.text C:\Windows\system32\svchost.exe[1804] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 008E0804
.text C:\Windows\system32\svchost.exe[1804] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 008E01F8
.text C:\Windows\system32\svchost.exe[1804] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 008E0600
.text C:\Windows\system32\svchost.exe[1804] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00210A08
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 002103FC
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00210804
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 002101F8
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00210600
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[1820] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1844] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1844] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1844] ntdll.dll!LdrLoadDll

.text C:\Windows\system32\taskhost.exe[1844] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1844] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1844] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1844] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[1844] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1844] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1844] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 000E0A08
.text C:\Windows\system32\taskhost.exe[1844] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 000E03FC
.text C:\Windows\system32\taskhost.exe[1844] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 000E0804
.text C:\Windows\system32\taskhost.exe[1844] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 000E01F8
.text C:\Windows\system32\taskhost.exe[1844] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 000E0600
.text C:\Windows\system32\taskhost.exe[1844] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1844] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2156] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2156] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2156] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2156] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2156] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2156] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2156] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\explorer.exe[2156] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2156] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00150A08
.text C:\Windows\explorer.exe[2156] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001503FC
.text C:\Windows\explorer.exe[2156] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00150804
.text C:\Windows\explorer.exe[2156] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001501F8
.text C:\Windows\explorer.exe[2156] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00150600
.text C:\Windows\explorer.exe[2156] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2156] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2156] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WordWeb\wweb32.exe[2212] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WordWeb\wweb32.exe[2212] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WordWeb\wweb32.exe[2212] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WordWeb\wweb32.exe[2212] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WordWeb\wweb32.exe[2212] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WordWeb\wweb32.exe[2212] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WordWeb\wweb32.exe[2212] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\WordWeb\wweb32.exe[2212] advapi32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WordWeb\wweb32.exe[2212] user32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\WordWeb\wweb32.exe[2212] user32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 002003FC
.text C:\Program Files\WordWeb\wweb32.exe[2212] user32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00200804
.text C:\Program Files\WordWeb\wweb32.exe[2212] user32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 002001F8
.text C:\Program Files\WordWeb\wweb32.exe[2212] user32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00200600
.text C:\Program Files\WordWeb\wweb32.exe[2212] user32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WordWeb\wweb32.exe[2212] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WordWeb\wweb32.exe[2212] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2516] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2516] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2516] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2516] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2516] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2516] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2516] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2516] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00180A08
.text C:\Windows\system32\svchost.exe[2516] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[2516] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00180804
.text C:\Windows\system32\svchost.exe[2516] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[2516] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00180600
.text C:\Windows\system32\svchost.exe[2516] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2516] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2516] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2516] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2536] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2536] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2536] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2536] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2536] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2536] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2536] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\explorer.exe[2536] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2536] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00110A08
.text C:\Windows\explorer.exe[2536] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001103FC
.text C:\Windows\explorer.exe[2536] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00110804
.text C:\Windows\explorer.exe[2536] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001101F8
.text C:\Windows\explorer.exe[2536] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00110600
.text C:\Windows\explorer.exe[2536] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2536] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[2536] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2828] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2828] ntdll.dll!LdrUnloadDll 77D7C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2828] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2828] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2828] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2828] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2828] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2828] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2828] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2828] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2828] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001403FC
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00140804
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001401F8
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00140600
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe[2960] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3168] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3168] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3168] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3168] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3168] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3168] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3168] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3168] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00220A08
.text C:\Windows\system32\svchost.exe[3168] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 002203FC
.text C:\Windows\system32\svchost.exe[3168] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00220804
.text C:\Windows\system32\svchost.exe[3168] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 002201F8
.text C:\Windows\system32\svchost.exe[3168] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00220600
.text C:\Windows\system32\svchost.exe[3168] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3168] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3228] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3228] ntdll.dll!LdrUnloadDll 77D7C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3228] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3228] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3228] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3228] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3228] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\AUDIODG.EXE[3228] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3228] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3228] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3228] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 002F0A08
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 002F03FC
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 002F0804
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 002F01F8
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 002F0600
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3392] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 001E0A08
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001E03FC
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 001E0804
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001E01F8
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 001E0600
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe[3484] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3628] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3672] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 0122CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3672] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 0122CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3672] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 01235680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3672] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 012326F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3672] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 01233280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3672] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 01231220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3672] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[3672] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00300A08
.text C:\Windows\System32\igfxtray.exe[3672] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 003003FC
.text C:\Windows\System32\igfxtray.exe[3672] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00300804
.text C:\Windows\System32\igfxtray.exe[3672] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 003001F8
.text C:\Windows\System32\igfxtray.exe[3672] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00300600
.text C:\Windows\System32\igfxtray.exe[3672] USER32.dll!EndTask 775DFD66 5 Bytes JMP 0123DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3672] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 01231B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3672] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 0123E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3672] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 0123E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3696] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 0035CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3696] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 0035CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3696] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 00365680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3696] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 003626F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3696] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 00363280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3696] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 00361220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3696] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[3696] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00300A08
.text C:\Windows\System32\hkcmd.exe[3696] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 003003FC
.text C:\Windows\System32\hkcmd.exe[3696] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00300804
.text C:\Windows\System32\hkcmd.exe[3696] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 003001F8
.text C:\Windows\System32\hkcmd.exe[3696] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00300600
.text C:\Windows\System32\hkcmd.exe[3696] USER32.dll!EndTask 775DFD66 5 Bytes JMP 0036DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3696] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 00361B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3696] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 0036E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3696] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 0036E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3712] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3712] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3712] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3712] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3712] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3712] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3712] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3712] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3712] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\SearchIndexer.exe[3712] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001403FC
.text C:\Windows\system32\SearchIndexer.exe[3712] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00140804
.text C:\Windows\system32\SearchIndexer.exe[3712] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\SearchIndexer.exe[3712] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\SearchIndexer.exe[3712] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3712] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3712] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3720] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 0045CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3720] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 0045CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3720] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 00465680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3720] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 004626F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3720] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 00463280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3720] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 00461220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3720] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[3720] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 00461B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3720] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00210A08
.text C:\Windows\System32\igfxpers.exe[3720] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 002103FC
.text C:\Windows\System32\igfxpers.exe[3720] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00210804
.text C:\Windows\System32\igfxpers.exe[3720] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 002101F8
.text C:\Windows\System32\igfxpers.exe[3720] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00210600
.text C:\Windows\System32\igfxpers.exe[3720] USER32.dll!EndTask 775DFD66 5 Bytes JMP 0046DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3720] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 0046E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3720] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 0046E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00310A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 003103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00310804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 003101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00310600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3760] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 002D0A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 002D03FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 002D0804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 002D01F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 002D0600
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3824] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 002003FC
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00200804
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 002001F8
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00200600
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[3856] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Stickies\stickies.exe[3960] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Stickies\stickies.exe[3960] ntdll.dll!LdrUnloadDll 77D7C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Stickies\stickies.exe[3960] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Stickies\stickies.exe[3960] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Stickies\stickies.exe[3960] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Stickies\stickies.exe[3960] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Stickies\stickies.exe[3960] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\Stickies\stickies.exe[3960] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Stickies\stickies.exe[3960] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Stickies\stickies.exe[3960] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Stickies\stickies.exe[3960] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 000F03FC
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 000F0804
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 000F01F8
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 000F0600
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4248] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00250A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 002503FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00250804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 002501F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00250600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4428] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00090A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 000903FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00090804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00090600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4516] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\ctfmon.exe[5004] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\ctfmon.exe[5004] ntdll.dll!LdrUnloadDll 77D7C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\ctfmon.exe[5004] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\ctfmon.exe[5004] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\ctfmon.exe[5004] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\ctfmon.exe[5004] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\ctfmon.exe[5004] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\ctfmon.exe[5004] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\ctfmon.exe[5004] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\ctfmon.exe[5004] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\ctfmon.exe[5004] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\mblctr.exe[5040] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\mblctr.exe[5040] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\mblctr.exe[5040] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\mblctr.exe[5040] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\mblctr.exe[5040] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\mblctr.exe[5040] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\mblctr.exe[5040] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\system32\mblctr.exe[5040] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\mblctr.exe[5040] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\mblctr.exe[5040] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\mblctr.exe[5040] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\mblctr.exe[5040] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\mblctr.exe[5040] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\mblctr.exe[5040] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\mblctr.exe[5040] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\mblctr.exe[5040] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5076] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5076] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5076] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5076] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5076] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5076] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5076] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\explorer.exe[5076] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5076] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00150A08
.text C:\Windows\explorer.exe[5076] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001503FC
.text C:\Windows\explorer.exe[5076] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00150804
.text C:\Windows\explorer.exe[5076] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001501F8
.text C:\Windows\explorer.exe[5076] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00150600
.text C:\Windows\explorer.exe[5076] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5076] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5076] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5196] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5196] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5196] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5196] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5196] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5196] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5196] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\explorer.exe[5196] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5196] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00110A08
.text C:\Windows\explorer.exe[5196] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001103FC
.text C:\Windows\explorer.exe[5196] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00110804
.text C:\Windows\explorer.exe[5196] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001101F8
.text C:\Windows\explorer.exe[5196] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00110600
.text C:\Windows\explorer.exe[5196] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5196] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5196] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5424] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5424] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5424] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5424] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5424] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5424] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5424] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\explorer.exe[5424] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5424] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00110A08
.text C:\Windows\explorer.exe[5424] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001103FC
.text C:\Windows\explorer.exe[5424] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00110804
.text C:\Windows\explorer.exe[5424] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001101F8
.text C:\Windows\explorer.exe[5424] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00110600
.text C:\Windows\explorer.exe[5424] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5424] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5424] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5504] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5504] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5504] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5504] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5504] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5504] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5504] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\explorer.exe[5504] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5504] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00250A08
.text C:\Windows\explorer.exe[5504] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 002503FC
.text C:\Windows\explorer.exe[5504] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00250804
.text C:\Windows\explorer.exe[5504] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 002501F8
.text C:\Windows\explorer.exe[5504] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00250600
.text C:\Windows\explorer.exe[5504] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5504] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[5504] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00100600
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5960] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\mobsync.exe[6108] ntdll.dll!NtClose 77D654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\mobsync.exe[6108] ntdll.dll!LdrUnloadDll 77D7C8DE 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\mobsync.exe[6108] ntdll.dll!LdrLoadDll 77D822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\mobsync.exe[6108] kernel32.dll!CreateProcessW 76F7204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\mobsync.exe[6108] kernel32.dll!CreateProcessA 76F72082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\mobsync.exe[6108] kernel32.dll!CreateProcessAsUserW 76FA59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\mobsync.exe[6108] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62]
.text C:\Windows\System32\mobsync.exe[6108] ADVAPI32.dll!CreateProcessAsUserA 77412538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\mobsync.exe[6108] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 00220A08
.text C:\Windows\System32\mobsync.exe[6108] USER32.dll!UnhookWinEvent 7759B750 5 Bytes JMP 002203FC
.text C:\Windows\System32\mobsync.exe[6108] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 00220804
.text C:\Windows\System32\mobsync.exe[6108] USER32.dll!SetWinEventHook 775A24DC 5 Bytes JMP 002201F8
.text C:\Windows\System32\mobsync.exe[6108] USER32.dll!SetWindowsHookExA 775C6D0C 5 Bytes JMP 00220600
.text C:\Windows\System32\mobsync.exe[6108] USER32.dll!EndTask 775DFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\mobsync.exe[6108] ole32.dll!CoGetClassObject 770954AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\mobsync.exe[6108] ole32.dll!CoCreateInstanceEx 770A9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746C2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746A5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746A56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746C24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746B8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746B4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746B506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746B5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746B6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746B826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746B87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746B901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746BE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [746B4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2156] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [746C2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2156] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [746A5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2156] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [746A56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2156] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [746C24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2156] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [746B8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2156] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [746B4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2156] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [746B506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2156] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [746B5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2156] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746B6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2156] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [746B826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2156] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [746B87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2156] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [746B901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2156] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [746BE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2156] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [746B4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [746C2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [746A5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [746A56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [746C24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [746B8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [746B4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [746B506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [746B5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746B6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [746B826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [746B87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [746B901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [746BE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [746B4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5076] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [746C2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5076] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [746A5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5076] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [746A56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5076] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [746C24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5076] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [746B8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5076] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [746B4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5076] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [746B506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5076] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [746B5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5076] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746B6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5076] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [746B826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5076] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [746B87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5076] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [746B901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5076] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [746BE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5076] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [746B4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5196] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [746C2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5196] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [746A5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5196] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [746A56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5196] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [746C24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5196] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [746B8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5196] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [746B4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5196] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [746B506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5196] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [746B5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5196] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746B6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5196] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [746B826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5196] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [746B87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5196] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [746B901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5196] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [746BE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5196] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [746B4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [746C2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [746A5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [746A56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [746C24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [746B8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [746B4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [746B506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [746B5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746B6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [746B826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [746B87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [746B901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [746BE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [746B4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [746C2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [746A5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [746A56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [746C24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [746B8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [746B4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [746B506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [746B5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746B6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [746B826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [746B87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [746B901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [746BE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [746B4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\ACPI_HAL \Device\0000005e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024338a5f63
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024338a5f63@1886ac05b953 0xEC 0xEF 0xF5 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024338a5f63 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024338a5f63@1886ac05b953 0xEC 0xEF 0xF5 0xBE ...

---- EOF - GMER 1.0.15 ----

#5 pixart8


Posted 09 August 2011 - 08:21 AM

Hi!

The gmer log was too long, so I split it in two parts. Also, I wish to know whether publicly posting my physical address poses any risk?

Regarding the current state of events, Comodo Firewall is still blocking outgoing connections to one port.

Thanks in advance!

#6 Broni


Posted 09 August 2011 - 07:06 PM

Also, I wish to know whether publicly posting my physical address poses any risk?

No.

You're running two AV programs:
avast! Free Antivirus
Norton AntiVirus

One of them has to go.

If Norton, make sure to use this tool to remove it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

Then...

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.



 


#7 pixart8


Posted 10 August 2011 - 05:06 AM

Thanks Broni ... Which AV software would you recommend removing? I purchased Norton AV after reading the AV Comparatives report on antivirus software. But while the two (Avast & Norton) are running, Avast is the more proactive one while detecting viruses on external storage and while browsing the web. If I remove NAV, my money is wasted; if I remove Avast, I might be at a greater risk of infection.

Mainly I wish your opinion on how to have that "extra protection" in case one antivirus fails to detect threats? (Sorry for bothering you with cliches :P )

Also, I forgot to mention, gmer didn't show any kind of alert regarding spyware.

#8 pixart8


Posted 10 August 2011 - 05:16 AM

Also, one more thing, it may sound silly but why was my gmer log that long?? I mean I checked logs of other people ...they were able to post in a single reply...is my laptop bloated with programs?? or some other reason??

#9 Broni


Posted 10 August 2011 - 06:56 PM

Since you paid for Norton, keep it and uninstall Avast.
There is no perfect AV program.
Your computer security will always mostly depend on your computing habits.

As for GMER, its log will look different for almost any given computer, as each machine is very unique.
More info about what it does: http://www.raymond.cc/blog/archives/2009/03/18/gmer-is-a-powerful-rootkit-detector-and-remover/

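Added example, not part of the original posts and not GMER's own code: a Python triage helper that groups the IAT lines of a GMER log by process, imported DLL and resolved file, which shows how much of the log's length comes from the same entries repeated for each explorer.exe instance. The field layout is inferred from the lines posted in this thread, and the `C:\Example\...` sample lines and the `name_mismatch` flag are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ntpath import basename  # splits backslash paths on any OS

# Field layout inferred from the IAT lines posted in this thread
# (an assumption, not a GMER specification).
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>.+?)\s+"
    r"\[(?P<dll>[^\]!]+)!(?P<func>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+"
    r"(?P<target>.+?)\s+\((?P<desc>.*)/(?P<vendor>[^/]*)\)\s*$"
)

# Four lines copied from the log above; the two C:\Example lines are constructed.
SAMPLE = r"""
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [746B506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [746B4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [746B506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [746B4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Example\app.exe[1000] @ C:\Example\app.exe [user32.dll!ExampleFunction] [00000000] C:\Example\other.dll (Example description/Example Vendor)
IAT C:\Example\cut.exe[1001] @ C:\Example\cut.exe [user32.dll!Exam
"""

def summarize(log_text):
    """Group IAT lines by (process, imported DLL, resolved file, vendor)."""
    groups = defaultdict(lambda: {"pids": set(), "funcs": set(), "lines": 0})
    skipped = 0
    for line in log_text.splitlines():
        if not line.startswith("IAT "):
            continue
        m = IAT_RE.match(line)
        if m is None:
            skipped += 1  # truncated or unexpected layout: count, do not guess
            continue
        key = (m["proc"].lower(), m["dll"].lower(), m["target"].lower(), m["vendor"])
        groups[key]["pids"].add(int(m["pid"]))
        groups[key]["funcs"].add(m["func"])
        groups[key]["lines"] += 1
    rows = []
    for (proc, dll, target, vendor), g in groups.items():
        rows.append({
            "process": proc, "import_dll": dll, "target": target, "vendor": vendor,
            "pids": sorted(g["pids"]), "functions": len(g["funcs"]), "lines": g["lines"],
            # True when the imported DLL name differs from the resolved file's name
            "name_mismatch": basename(target) != dll,
        })
    rows.sort(key=lambda r: -r["lines"])
    return rows, skipped

if __name__ == "__main__":
    for row in summarize(SAMPLE)[0]:
        print(row)
```

A group with many lines, several PIDs and a matching file name is the repeated-per-instance pattern seen in this log; a `name_mismatch` row only marks an entry to look at more closely, not a verdict.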


 


#10 pixart8


Posted 11 August 2011 - 01:40 AM

Hi! Thank You Broni :) I'll remove Avast and keep Norton...the log follows


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/11/2011 at 11:03 AM

Application Version : 5.0.1108

Core Rules Database Version : 7547
Trace Rules Database Version: 5359

Scan type : Complete Scan
Total Scan Time : 02:47:43

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 373
Memory threats detected : 0
Registry items scanned : 38837
Registry threats detected : 0
File items scanned : 305764
File threats detected : 0

#11 pixart8


Posted 11 August 2011 - 03:50 AM

SUPERAntiSpyware too didn't detect anything...should I assume my computer to be clean? Then what could be the reason for MBAM to show two infections while scanning, couldn't get a log due to bluescreen...shall I try MBAM in safe mode??

I noticed a peculiar thing though, when I started my laptop, svchost.exe wasn't using any bandwidth, also, Comodo Firewall was showing zero intrusions ... then to check whether malwarebytes still blocks outgoing connections from bitcomet, I opened it...MBAM started going berserk again...after that I closed bitcomet...now Comodo Firewall is blocking intrusions at the rate of 1/s! What shall I conclude from this?? I've read here and there that bitcomet is not a reliable software...shall I stop using it??

Also, System processes listening on various ports...what does that mean?

#12 Broni


Posted 11 August 2011 - 04:23 PM

At this point....

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include or required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!



 


#13 pixart8


Posted 11 August 2011 - 06:27 PM

Thanks Broni for the assistance :) ...I'll do as you suggested...in the meanwhile I did a MBAM scan in safe mode...and it found 5 infected files...removed all...I'll start a new thread at the place you suggested...


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7431

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

12-08-2011 04:43:19
mbam-log-2011-08-12 (04-43-19).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 455896
Time elapsed: 1 hour(s), 16 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
d:\Users\vaio\AppData\Roaming\thinstall\microsoft works\603e00001500002i\WkDStore.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
d:\Users\vaio\AppData\Roaming\thinstall\microsoft works\6d0800001500002i\wkgdcach.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
e:\. downloads\. firefox\Setups\skipscreen-setup.exe (PUP.Zugo) -> Quarantined and deleted successfully.
e:\. installers\office, works, pdf\nitro.pdf.professional.v6.0.1.8.incl.keymaker-embrace\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\. installers\office, works, pdf\nitro.pdf.professional.v6.0.2.6.incl.keymaker-embrace\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

#14 Broni


Posted 11 August 2011 - 06:49 PM

Please do and good luck!



 


#15 pixart8


Posted 11 August 2011 - 07:33 PM

Thanks again :)



