Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Irritating Problem!!!


  • This topic is locked This topic is locked
18 replies to this topic

#1 manutdj28

manutdj28

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 20 August 2011 - 08:35 PM

It started a few months ago, where several of my applications (including internet explorer and many others), came up with the error within seconds of them starting up "(Applicationname)...has encountered a problem and needs to close", but suddenly it stopped , but now those applications are free of problems now, but it is not up until recent, that the "Adobe Setup" now has this problem, which is unbelievably frustrating as i really want to install photoshop.

Whenever this occurs a appcombat.txt file always appears in the Temp folder in local settings, in this text document contains information on the error ( i think),and alot of the keywords in there are things like "mshtml.dll" and "kerne32.dll" and many more, but im not brilliant with computers so i do not understand what the solution is, i have reset all my internet explorer settings as i was told this may sort it out by someone but now, to make matters even worse, when i open up adobe setup the "encountered a problem" error doesn't even appear anymore, instead nothing happens just a sandtimer for around 2 seconds.

Please help,this is so annoying! Any help will be appreciated and im prepared to give you info of comp.etc if needed :) thanks!

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:34 AM

Posted 20 August 2011 - 08:52 PM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#3 manutdj28

manutdj28
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 20 August 2011 - 09:07 PM

Here you go mate :)

MiniToolBox by Farbar
Ran by Jamie (administrator) on 21-08-2011 at 03:03:01
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.


========================= Event log errors: ===============================

Application errors:
==================
Error: (08/21/2011 02:13:36 AM) (Source: Application Error) (User: )
Description: Faulting application mshta.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x00209d7c.
Processing media-specific event for [mshta.exe!ws!]

Error: (08/21/2011 02:12:09 AM) (Source: Application Error) (User: )
Description: Fault bucket 1312104813.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (08/21/2011 02:11:51 AM) (Source: Application Error) (User: )
Description: Faulting application mshta.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x00209d7c.
Processing media-specific event for [mshta.exe!ws!]

Error: (08/21/2011 02:04:47 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x00209d7c.
Processing media-specific event for [iexplore.exe!ws!]

Error: (08/20/2011 04:51:25 PM) (Source: MsiInstaller) (User: Jamie)Jamie
Description: Product: Adobe Setup -- Please install Adobe Setup using Setup.exe

Error: (08/20/2011 04:11:42 PM) (Source: Application Error) (User: )
Description: Faulting application setup.exe, version 1.0.135.0, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x00209d7c.
Processing media-specific event for [setup.exe!ws!]

Error: (08/20/2011 04:11:23 PM) (Source: Application Error) (User: )
Description: Faulting application setup.exe, version 1.0.135.0, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x00209d7c.
Processing media-specific event for [setup.exe!ws!]

Error: (08/20/2011 04:07:42 PM) (Source: Application Error) (User: )
Description: Faulting application setup.exe, version 1.0.135.0, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x00209d7c.
Processing media-specific event for [setup.exe!ws!]

Error: (08/20/2011 04:07:01 PM) (Source: Application Error) (User: )
Description: Fault bucket 1312135756.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (08/20/2011 04:06:50 PM) (Source: Application Error) (User: )
Description: Faulting application setup.exe, version 1.0.135.0, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x00209d7c.
Processing media-specific event for [setup.exe!ws!]


System errors:
=============
Error: (08/21/2011 03:00:49 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

Error: (08/21/2011 02:09:32 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

Error: (08/21/2011 02:07:00 AM) (Source: Service Control Manager) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error:
%%1058

Error: (08/21/2011 02:07:00 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi 2.0 Tunneling Engine service failed to start due to the following error:
%%3

Error: (08/20/2011 04:04:44 PM) (Source: Service Control Manager) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error:
%%1058

Error: (08/20/2011 04:04:44 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi 2.0 Tunneling Engine service failed to start due to the following error:
%%3

Error: (08/20/2011 11:46:11 AM) (Source: Service Control Manager) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error:
%%1058

Error: (08/20/2011 11:46:11 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi 2.0 Tunneling Engine service failed to start due to the following error:
%%3

Error: (08/20/2011 11:45:37 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00215C07EA01 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/20/2011 03:00:53 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).


Microsoft Office Sessions:
=========================
Error: (08/21/2011 02:13:36 AM) (Source: Application Error)(User: )
Description: mshta.exe8.0.6001.18702mshtml.dll8.0.6001.1878300209d7c

Error: (08/21/2011 02:12:09 AM) (Source: Application Error)(User: )
Description: 1312104813

Error: (08/21/2011 02:11:51 AM) (Source: Application Error)(User: )
Description: mshta.exe8.0.6001.18702mshtml.dll8.0.6001.1878300209d7c

Error: (08/21/2011 02:04:47 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.1878300209d7c

Error: (08/20/2011 04:51:25 PM) (Source: MsiInstaller)(User: Jamie)Jamie
Description: Product: Adobe Setup -- Please install Adobe Setup using Setup.exe(NULL)(NULL)(NULL)

Error: (08/20/2011 04:11:42 PM) (Source: Application Error)(User: )
Description: setup.exe1.0.135.0mshtml.dll8.0.6001.1878300209d7c

Error: (08/20/2011 04:11:23 PM) (Source: Application Error)(User: )
Description: setup.exe1.0.135.0mshtml.dll8.0.6001.1878300209d7c

Error: (08/20/2011 04:07:42 PM) (Source: Application Error)(User: )
Description: setup.exe1.0.135.0mshtml.dll8.0.6001.1878300209d7c

Error: (08/20/2011 04:07:01 PM) (Source: Application Error)(User: )
Description: 1312135756

Error: (08/20/2011 04:06:50 PM) (Source: Application Error)(User: )
Description: setup.exe1.0.135.0mshtml.dll8.0.6001.1878300209d7c


=========================== Installed Programs ============================

Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Setup (Version: 1.0)
µTorrent (Version: 2.2.1)
avast! Free Antivirus (Version: 6.0.1203.0)
BitTorrentBar Toolbar
CCleaner (Version: 3.09)
Cheat Engine 6.1
COMODO Internet Security (Version: 5.5.64714.1383)
Defraggler (Version: 2.04)
DriverMax 5 (Version: 5.9.0.811)
Football Manager 2011
GIMP 2.6.11 (Version: 2.6.11)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HxD Hex Editor version 1.7.7.0 (Version: 1.7.7.0)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
LogMeIn Hamachi (Version: 2.0.3.115)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Script Debugger
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mozilla Firefox 6.0 (x86 en-GB) (Version: 6.0)
MSVCRT (Version: 14.0.1468.721)
OpenOffice.org 3.1 (Version: 3.1.9399)
Realtek High Definition Audio Driver (Version: 5.10.0.5464)
Registry Mechanic 10.0 (Version: 10.0)
RPS CRT (Version: 8.0.28)
Segoe UI (Version: 14.0.4327.805)
Sky Broadband (Version: 1.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
uTorrentBar Toolbar
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.1.10 (Version: 1.1.10)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Messenger 5.1 (Version: 5.1.0715)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Yahoo! Detect
Zune Language Pack (ITA) (Version: 04.07.1404.01)
Zune Language Pack (NLD) (Version: 04.07.1404.01)
Zune Language Pack (PTB) (Version: 04.07.1404.01)
Zune Language Pack (PTG) (Version: 04.07.1404.01)

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 1014.05 MB
Available physical RAM: 574.05 MB
Total Pagefile: 2442.55 MB
Available Pagefile: 2109.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.47 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.52 GB) (Free:25.7 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-2C0EA6A532

Administrator ASPNET Cathy
Guest HelpAssistant Jamie
SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:34 AM

Posted 20 August 2011 - 09:54 PM

Remove the following:


µTorrent (Version: 2.2.1)
BitTorrentBar Toolbar
CCleaner (Version: 3.09)
Cheat Engine 6.1
COMODO Internet Security (Version: 5.5.64714.1383)
Defraggler (Version: 2.04)
DriverMax 5 (Version: 5.9.0.811)
Registry Mechanic 10.0 (Version: 10.0)
Spybot - Search & Destroy (Version: 1.6.2)
uTorrentBar Toolbar
WebFldrs XP (Version: 9.50.7523)
Zune Language Pack (ITA) (Version: 04.07.1404.01)
Zune Language Pack (NLD) (Version: 04.07.1404.01)
Zune Language Pack (PTB) (Version: 04.07.1404.01)
Zune Language Pack (PTG) (Version: 04.07.1404.01)

BC's policy on registry cleaners:

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

#5 manutdj28

manutdj28
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 20 August 2011 - 10:04 PM

Thanks for the reply , i'll get onto this now, i dont mean to question your methods, but removing Comodo?, its just extra protection right?, i mean with it being a firewall, isnt it crucial?

#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:34 AM

Posted 20 August 2011 - 10:14 PM

its the full AV and Firewall pack and you have Avast.

#7 manutdj28

manutdj28
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 20 August 2011 - 10:21 PM

No it is just the firewall, its just name internet security as you have the option, to install the AV with it which i havnt as, i have Avast, Ermm uninstalled everything else except the 2 torrent toolbars as both say "could not find install.log" when i press uninstall :/

#8 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:34 AM

Posted 20 August 2011 - 10:34 PM

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

NOTEMalwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger then 4mb
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.[list]
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#9 manutdj28

manutdj28
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 20 August 2011 - 10:51 PM

Right im gonna set these scans off and go to bed as its 5am here, i will post a reply here tomorrow with results, and once again thanks for your time! :)

#10 manutdj28

manutdj28
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 21 August 2011 - 08:00 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/21/2011 at 07:56 AM

Application Version : 5.0.1118

Core Rules Database Version : 7585
Trace Rules Database Version: 5397

Scan type : Complete Scan
Total Scan Time : 02:59:42

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 465
Memory threats detected : 0
Registry items scanned : 37099
Registry threats detected : 3
File items scanned : 95999
File threats detected : 44

Adware.Tracking Cookie
cdn4.specificclick.net [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GF382VNZ ]
ec.atdmt.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GF382VNZ ]
ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GF382VNZ ]
m1.2mdn.net [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GF382VNZ ]
m1.emea.2mdn.net [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GF382VNZ ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GF382VNZ ]
secure-uk.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GF382VNZ ]
spe.atdmt.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GF382VNZ ]
www.naiadsystems.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GF382VNZ ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
www.clicksafe.lloydstsb.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
www.clicksafe.lloydstsb.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
www.clicksafe.lloydstsb.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.afe2.specificclick.net [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\CATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D0GF2S2V.DEFAULT\COOKIES.SQLITE ]
C:\DOCUMENTS AND SETTINGS\CATHY\COOKIES\CATHY@DOUBLECLICK[1].TXT
media.scanscout.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C3QCSVSC ]
www.technologyquestions.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JW1XKGD6.DEFAULT\COOKIES.SQLITE ]
www.technologyquestions.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JW1XKGD6.DEFAULT\COOKIES.SQLITE ]
.technologyquestions.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JW1XKGD6.DEFAULT\COOKIES.SQLITE ]
.technologyquestions.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JW1XKGD6.DEFAULT\COOKIES.SQLITE ]
.technologyquestions.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JW1XKGD6.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JW1XKGD6.DEFAULT\COOKIES.SQLITE ]
.chitika.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JW1XKGD6.DEFAULT\COOKIES.SQLITE ]

Adware.HBHelper
HKU\S-1-5-19_Classes\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKU\S-1-5-20_Classes\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7524

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

21/08/2011 13:55:01
mbam-log-2011-08-21 (13-55-01).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 281474
Time elapsed: 2 hour(s), 47 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsfocecruvbtwg (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{73e8ff90-fd9a-40f1-b389-672e63ef93dc}\RP287\A0589066.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Jamie\application data\microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vsfocebevuegmw.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vsfoceqyintplr.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.

#11 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:34 AM

Posted 21 August 2011 - 08:01 AM

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic.

#12 manutdj28

manutdj28
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 21 August 2011 - 08:06 AM

GMER


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA9E19202] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAA0B18B2] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA9EA7D8C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA9E3D6C1] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xAA0B0E48] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA9E1B7F0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA9E1B848] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAA0B1518] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA9E1B95E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA9E3D075] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA9E1B746] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xAA0B0D28] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA9E1B898] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA9E1B79A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAA0B4568] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xAA0B0714] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA9E1B90C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA9E19226] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA9E3DD87] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA9E3E03D] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA9E1BBE2] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9E3DBF2] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9E3DA5D] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA9EA7E3C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA9E18FF0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xAA0B1110] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA9E1924A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA9E1BD56] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA9E19CDA] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA9E1B820] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA9E1B870] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xAA0B16F4] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA9E1B988] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA9E3D3D1] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA9E1B772] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA9E1BA1A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA9E1B8D8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA9E1B7C8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA9E1BAFE] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA9E1B936] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA9EA7ED4] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA9E3D8D8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xAA0B311C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA9E19BA0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA9E3D72A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA9EB010E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xAA0B368C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA9E3C6E8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xAA0B3940] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA9E1926E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA9E19292] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xAA0B1EEE] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA9E1904A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA9E19186] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA9E3DE8E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA9E19162] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA9E191AA] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xAA0B0B2A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xAA0B0918] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA9E192B6] <-- ROOTKIT !!!

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA9EBD398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + D8 804E2744 16 Bytes [F0, B7, E1, A9, 48, B8, E1, ...]
.text ntoskrnl.exe!_abnormal_termination + 114 804E2780 20 Bytes [98, B8, E1, A9, 9A, B7, E1, ...]
.text ntoskrnl.exe!_abnormal_termination + 214 804E2880 16 Bytes [20, B8, E1, A9, 70, B8, E1, ...] {AND [EAX-0x478f561f], BH; LOOPZ 0xffffffffffffffb1; HLT ; PUSH SS; OR EBP, [EDX-0x561e4678]}
.text ntoskrnl.exe!_abnormal_termination + 37C 804E29E8 4 Bytes CALL FCF80DB3
.text ntoskrnl.exe!_abnormal_termination + 395 804E2A01 11 Bytes [39, 0B, AA, 6E, 92, E1, A9, ...] {CMP [EBX], ECX; STOSB ; OUTSB ; XCHG EDX, EAX; LOOPZ 0xffffffffffffffb0; XCHG EDX, EAX; XCHG EDX, EAX; LOOPZ 0xffffffffffffffb4}
PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP A9EBA7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 4 Bytes CALL A9E1A335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP A9EBD39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP A9EB8D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF68DBEBF]
.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP A9E1CCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP A9E1CBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP A9E1BF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP A9E1CE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP A9E1D014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP A9E1CB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP A9E1BE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP A9E1C180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP A9E1C326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP A9E1BE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP A9E1CBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP A9E1C2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP A9E1CD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP A9E1CF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP A9E1BFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP A9E1C03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP A9E1C0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP A9E1C0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP A9E1BD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP A9E1BEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP A9E1C008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP A9E1C440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP A9E1CECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0074CB10 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[184] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[276] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[276] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[276] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[276] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[276] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[460] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[460] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[460] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[460] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[460] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[460] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[460] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[460] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[460] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[460] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[460] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[460] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[460] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[460] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[460] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[460] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[460] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\ctfmon.exe[460] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[460] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[460] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[584] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[584] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[584] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[584] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[584] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[584] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[584] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[584] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[584] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[584] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[584] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[584] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[584] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[584] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[584] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[584] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[584] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[584] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[584] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[628] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\smss.exe[752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[912] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[1000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[1000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[1000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[1000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[1000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[1000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[1000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[1000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1036] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1036] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1092] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1092] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1092] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1092] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[1092] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[1092] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[1092] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[1092] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[1092] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1104] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1104] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1104] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1104] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[1104] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[1104] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[1104] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[1104] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[1104] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1104] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1104] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1332] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1348] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1348] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1348] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1348] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1348] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1348] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\agrsmsvc.exe[1400] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1416] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1416] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005190B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00531040 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1456] ADVAPI32.dll!DeleteService 77E374B1 5

Bytes JMP 003B0600
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1548] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1548] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1548] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1548] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1548] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1548] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1548] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1548] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1640] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1640] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cidaemon.exe[1696] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cidaemon.exe[1696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cidaemon.exe[1696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[1696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cidaemon.exe[1696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cidaemon.exe[1696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cidaemon.exe[1696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[1696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\cidaemon.exe[1696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\cidaemon.exe[1696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\cidaemon.exe[1696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\cidaemon.exe[1696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\cidaemon.exe[1696] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cidaemon.exe[1696] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cidaemon.exe[1696] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cidaemon.exe[1696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\cidaemon.exe[1696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\cidaemon.exe[1696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\cidaemon.exe[1696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\cidaemon.exe[1696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\cidaemon.exe[1696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\cidaemon.exe[1696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\cidaemon.exe[1696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\cidaemon.exe[1696] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cidaemon.exe[1696] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1780] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1780] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1836] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1836] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1836] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1836] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1836] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1836] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1836] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1836] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1836] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1900] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[1908] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[1908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[1908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\cisvc.exe[1908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[1908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[1908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[1908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\cisvc.exe[1908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\cisvc.exe[1908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\cisvc.exe[1908] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\cisvc.exe[1908] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\cisvc.exe[1908] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\cisvc.exe[1908] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[1908] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[1908] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\cisvc.exe[1908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\cisvc.exe[1908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\cisvc.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\cisvc.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\cisvc.exe[1908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\cisvc.exe[1908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\cisvc.exe[1908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\cisvc.exe[1908] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[1908] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1984] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1984] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1984] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\Explorer.EXE[1984] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1984] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1984] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2268] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2740] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2740] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2740] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2740] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2740] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2740] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wuauclt.exe[2740] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wuauclt.exe[2740] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wuauclt.exe[2740] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wuauclt.exe[2740] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wuauclt.exe[2740] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wuauclt.exe[2740] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wuauclt.exe[2740] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wuauclt.exe[2740] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wuauclt.exe[2740] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wuauclt.exe[2740] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wuauclt.exe[2740] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wuauclt.exe[2740] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wuauclt.exe[2740] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00E3CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E45680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00E3CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E426F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E43280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00E41220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00E41B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006F1014
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006F0804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006F0A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006F0C0C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006F0E10
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006F01F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006F03FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006F0600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00700804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106AA2FB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106AA28D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104B1BD2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00700A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00700600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007001F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007003FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00E4DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104B219D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00E4E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2908] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 00E4E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00F27E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00F1CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F27E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F27ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00F27EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00F27E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00F274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00F27E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00F27DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F27490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00F27DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00F27DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F27E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00F277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00F27530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00F25680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00F1CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00F27D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F27CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F27A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00F27D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F27D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F27AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F23280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F27D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F27AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00F27B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00F27AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F27CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00F27B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00F27BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00F27CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00F27C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00F27C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00F27C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00F27B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00F27B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00F27BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00F27C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00F27B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00F27BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00F27C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 00F27A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!WinExec + 3 7C862510 2 Bytes [6C, 84]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00F27D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00F21220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00F21B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 007D1014
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 007D0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 007D0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 007D0C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 007D0E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007D01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007D03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 007D0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00F27970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 00F27990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 007E0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 007E0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 007E0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007E01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007E03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00F2DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 00F279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 00F27A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 00F27A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 00F27A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00F2E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2968] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 00F2E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2976] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[2976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[2976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[2976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[2976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[2976] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2976] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2976] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[2976] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[2976] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[2976] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[2976] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[2976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[2976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[2976] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\alg.exe[2976] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2976] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Jamie\My Documents\Downloads\zh4c5jne.exe[3492] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F75DB750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F75DB820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F75DB7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F75DB7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F75DB7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F75DB820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F75DB750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F75DB7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F75DB7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F75DB7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F75DB820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F75DB750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F75DB7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F75DB7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F75DB750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F75DB820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F75DB750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F75DB820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F75DB7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F75DB7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F75DB7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F75DB820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F75DB750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F75DB7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F75DB7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F75DB750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F75DB820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1092] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
IAT C:\WINDOWS\system32\services.exe[1092] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\SASDIFSV \Device\SASDIFSV F7B650E0

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\SASKUTIL \Device\SASKUTIL A8A3B210

AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Services

Service system32\drivers\vsfocegjbuheni.sys (*** hidden *** ) [SYSTEM] vsfocecruvbtwg <-- ROOTKIT !!!

---- Registry

Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg@imagepath \systemroot\system32\drivers\vsfocegjbuheni.sys
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg\main@aid 10162
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg\main@sid 2
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg\main\injector@* vsfocewsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg\modules@vsfocerk.sys \systemroot\system32\drivers\vsfocegjbuheni.sys
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg\modules@vsfocecmd.dll \systemroot\system32\vsfocehvwatxhu.dll
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg\modules@vsfocelog.dat \systemroot\system32\vsfoceqyintplr.dat
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg\modules@vsfocewsp.dll \systemroot\system32\vsfocephoxihpx.dll
Reg HKLM\SYSTEM\ControlSet001\Services\vsfocecruvbtwg\modules@vsfoce.dat \systemroot\system32\vsfocebevuegmw.dat
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{3C9A56DA-221C-483F-A5D7-036D4FE9F4A7}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg@imagepath \systemroot\system32\drivers\vsfocegjbuheni.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg\main@aid 10162
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg\main@sid 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg\main\injector@* vsfocewsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg\modules@vsfocerk.sys \systemroot\system32\drivers\vsfocegjbuheni.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg\modules@vsfocecmd.dll \systemroot\system32\vsfocehvwatxhu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg\modules@vsfocelog.dat \systemroot\system32\vsfoceqyintplr.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg\modules@vsfocewsp.dll \systemroot\system32\vsfocephoxihpx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocecruvbtwg\modules@vsfoce.dat \systemroot\system32\vsfocebevuegmw.dat
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg@imagepath \systemroot\system32\drivers\vsfocegjbuheni.sys
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg\main@aid 10162
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg\main@sid 2
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg\main\injector@* vsfocewsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg\modules@vsfocerk.sys \systemroot\system32\drivers\vsfocegjbuheni.sys
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg\modules@vsfocecmd.dll \systemroot\system32\vsfocehvwatxhu.dll
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg\modules@vsfocelog.dat \systemroot\system32\vsfoceqyintplr.dat
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg\modules@vsfocewsp.dll \systemroot\system32\vsfocephoxihpx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocecruvbtwg\modules@vsfoce.dat \systemroot\system32\vsfocebevuegmw.dat
Reg HKLM\SYSTEM\ControlSet004\control\Class\{3C9A56DA-221C-483F-A5D7-036D4FE9F4A7}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg@imagepath \systemroot\system32\drivers\vsfocegjbuheni.sys
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg\main@aid 10162
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg\main@sid 2
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg\main\injector@* vsfocewsp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg\modules@vsfocerk.sys \systemroot\system32\drivers\vsfocegjbuheni.sys
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg\modules@vsfocecmd.dll \systemroot\system32\vsfocehvwatxhu.dll
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg\modules@vsfocelog.dat \systemroot\system32\vsfoceqyintplr.dat
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg\modules@vsfocewsp.dll \systemroot\system32\vsfocephoxihpx.dll
Reg HKLM\SYSTEM\ControlSet004\Services\vsfocecruvbtwg\modules@vsfoce.dat \systemroot\system32\vsfocebevuegmw.dat
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage@DeviceInterface {53F5630D-B6BF-11D0-94F2-00A0C91EFB8B}
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players@DeviceInterface {F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players@FilterParameter UseExtendedWmdm
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE@DeviceInterface {25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE RNDIS
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE RNDIS@DeviceInterface {ad498944-762f-11d0-8dcb-00c04fc3358c}
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS@ProgID MsScp.SCPTRANS.1

#13 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:34 AM

Posted 21 August 2011 - 08:10 AM

Perform the steps in post 11.

#14 manutdj28

manutdj28
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 21 August 2011 - 08:15 AM

Yeah, i'll do it now , just rebooted my comp :)

#15 manutdj28

manutdj28
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 21 August 2011 - 08:19 AM

I cannot do the first step in the Malware Removal and Log Section Preparation Guide, as i do not have an other computer, a burnable disc and external drive :/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users