
"Windows has detected performance is slow"



#1 stsa84


Posted 16 September 2011 - 10:59 AM

Hey,

Starting about 12 hours ago, a warning box has been popping up telling me that Windows has detected that my computer's performance is slow, and suggesting I switch to the basic color scheme (not Aero).

In researching this message, everybody else I found who has this problem encounters it while playing a PC game. I don't use my PC for games, and this problem happens even when no applications are running. Safe Mode is the only way I can use the Internet.

The mouse flickers and everything is going extremely slow. When not in Safe Mode, trying to open a folder or menu takes 1-2 minutes to be performed.

I have not downloaded, updated, or installed anything in the past few days. This problem started while watching a video on CNN.

I use Comodo Firewall and Avira Antivirus. Both are up to date, and scans show nothing.

Task Manager shows ~50% CPU Usage and ~1200 MB Memory. It doesn't show anything strange using up a ton of memory though (Firefox is the leader with 198,000 K).


Specs:

Windows 7 Professional 32 bit
Pentium Dual-Core E5200 2.50 GHz
4.00 GB RAM (2.99 usable)
Gigabyte G31M-ES2L - using onboard graphics


I've exhausted every means I know of of researching this problem or trying simple fixes such as updates and common scans. If anybody can assist, I would greatly appreciate it, thanks!

stsa84



#2 Broni


Posted 16 September 2011 - 01:53 PM

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Post the content in your next reply.



#3 stsa84


Posted 16 September 2011 - 08:09 PM

Hi Broni, thanks for the quick reply. The problem seems to come and go, but it's usually present. I saved the file at two different times when the computer was at a crawl, in case something showed up one time but not the other.

Trial 1:

Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 50.27 0 K 24 K
System 4 5.51 52 K 1,068 K
Interrupts n/a 0.97 0 K 0 K Hardware Interrupts and DPCs
smss.exe 292 260 K 48 K
csrss.exe 440 0.05 2,300 K 1,256 K
conhost.exe 1800 836 K 104 K
csrss.exe 492 0.42 9,616 K 11,596 K
wininit.exe 500 1,192 K 128 K
services.exe 596 0.50 5,076 K 4,172 K
svchost.exe 712 0.39 3,216 K 3,276 K
igfxsrvc.exe 2416 1,980 K 2,388 K igfxsrvc Module Intel Corporation C:\Windows\system32\igfxsrvc.exe -Embedding
COCIManager.exe 2952 < 0.01 2,460 K 2,924 K Camera Control Interface Logitech Inc. "C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding
wmplayer.exe 5736 0.34 81,876 K 112,764 K Windows Media Player Microsoft Corporation "C:\Program Files\Windows Media Player\wmplayer.exe" /Play -Embedding
svchost.exe 812 3,400 K 3,432 K
cmdagent.exe 876 0.05 34,204 K 3,648 K
svchost.exe 944 < 0.01 11,052 K 6,192 K
svchost.exe 988 17,136 K 10,368 K
audiodg.exe 5200 0.03 25,348 K 24,148 K
svchost.exe 1024 0.46 70,276 K 66,044 K
dwm.exe 1872 18.44 57,260 K 46,232 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
WUDFHost.exe 3492 1,792 K 2,900 K
svchost.exe 1072 0.06 19,088 K 14,108 K
UMVPFSrv.exe 1128 1,168 K 1,028 K
svchost.exe 1268 < 0.01 6,720 K 7,872 K
spoolsv.exe 1508 5,612 K 3,120 K
sched.exe 1556 3,496 K 1,040 K
svchost.exe 1588 0.26 15,876 K 11,872 K
avguard.exe 1700 0.14 114,288 K 15,280 K
avshadow.exe 1792 1,292 K 128 K
AppleMobileDeviceService.exe 1736 < 0.01 3,620 K 4,980 K
mDNSResponder.exe 1768 1,824 K 2,304 K
svchost.exe 1832 < 0.01 5,992 K 6,816 K
svchost.exe 1900 < 0.01 7,348 K 3,468 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
WLIDSVC.EXE 2000 0.01 5,372 K 2,456 K
WLIDSVCM.EXE 444 932 K 108 K
taskhost.exe 996 0.19 7,432 K 4,092 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
SearchIndexer.exe 3264 0.07 44,736 K 10,068 K
svchost.exe 3532 1,644 K 1,988 K
iPodService.exe 3824 0.01 2,208 K 2,680 K
wmpnetwk.exe 4084 0.01 12,296 K 10,748 K
svchost.exe 3008 3,920 K 3,092 K
mbamservice.exe 3252 0.01 89,124 K 22,168 K Malwarebytes' Anti-Malware Malwarebytes Corporation "C:\Users\AaronRach\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe"
svchost.exe 4760 916 K 2,992 K
lsass.exe 604 0.04 4,128 K 3,572 K
lsm.exe 616 0.01 1,764 K 1,632 K
winlogon.exe 536 1,904 K 1,780 K
explorer.exe 1448 0.19 37,452 K 43,384 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
cfp.exe 2280 0.08 21,056 K 6,924 K COMODO Internet Security COMODO "C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe" -h
avgnt.exe 2288 0.02 6,308 K 2,552 K Antivirus System Tray Tool Avira GmbH "C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avgnt.exe" /min
RtHDVCpl.exe 2296 7,672 K 2,248 K Realtek HD Audio Manager Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
igfxtray.exe 2304 1,740 K 1,324 K igfxTray Module Intel Corporation "C:\Windows\System32\igfxtray.exe"
hkcmd.exe 2312 1,804 K 1,728 K hkcmd Module Intel Corporation "C:\Windows\System32\hkcmd.exe"
igfxpers.exe 2320 1,532 K 1,904 K persistence Module Intel Corporation "C:\Windows\System32\igfxpers.exe"
LWS.exe 2356 4,172 K 1,160 K Logitech Webcam Software Logitech Inc. "C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe" -hide
CameraHelperShell.exe 2564 0.12 14,192 K 4,124 K Webcam Controller Logitech Inc. "C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe" /hide
jusched.exe 2652 1,208 K 312 K Java™ Update Scheduler Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
iTunesHelper.exe 2748 < 0.01 5,388 K 5,248 K iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
mbamgui.exe 2880 2,092 K 528 K Malwarebytes' Anti-Malware Malwarebytes Corporation "C:\Users\AaronRach\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
firefox.exe 2336 1.83 280,268 K 321,948 K Firefox Mozilla Corporation "C:\Program Files\Internet & Security\Firefox\firefox.exe"
plugin-container.exe 1936 3.83 90,860 K 100,940 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files\Internet & Security\Firefox\plugin-container.exe" --channel=2336.dae14d0.724109971 "C:\Windows\system32\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.6.0.2 -greomni "C:\Program Files\Internet & Security\Firefox\omni.jar" 2336 "\\.\pipe\gecko-crash-server-pipe.2336" plugin
procexp.exe 4992 9.19 14,108 K 40,288 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\AARONR~1\AppData\Local\Temp\Rar$EX00.987\procexp.exe"



Trial 2

Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 52.24 0 K 24 K
System 4 5.65 52 K 1,068 K
Interrupts n/a 0.58 0 K 0 K Hardware Interrupts and DPCs
smss.exe 292 260 K 48 K
csrss.exe 440 < 0.01 2,300 K 1,260 K
conhost.exe 1800 836 K 104 K
csrss.exe 492 0.23 9,616 K 11,692 K
wininit.exe 500 1,192 K 128 K
services.exe 596 0.01 5,048 K 4,176 K
svchost.exe 712 0.31 3,188 K 3,252 K
igfxsrvc.exe 2416 < 0.01 1,980 K 2,388 K igfxsrvc Module Intel Corporation C:\Windows\system32\igfxsrvc.exe -Embedding
COCIManager.exe 2952 0.01 2,460 K 2,992 K Camera Control Interface Logitech Inc. "C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding
svchost.exe 812 3,344 K 3,400 K
cmdagent.exe 876 0.04 34,188 K 2,632 K
svchost.exe 944 < 0.01 11,052 K 6,196 K
svchost.exe 988 < 0.01 17,212 K 10,556 K
audiodg.exe 5200 18,340 K 17,472 K
svchost.exe 1024 0.84 67,400 K 63,348 K
dwm.exe 1872 22.67 49,604 K 44,308 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
WUDFHost.exe 3492 1,792 K 2,916 K
svchost.exe 1072 0.01 19,092 K 14,192 K
UMVPFSrv.exe 1128 1,168 K 1,028 K
svchost.exe 1268 < 0.01 6,748 K 7,884 K
spoolsv.exe 1508 5,568 K 3,108 K
sched.exe 1556 3,496 K 1,040 K
svchost.exe 1588 < 0.01 15,892 K 12,020 K
avguard.exe 1700 < 0.01 114,288 K 14,744 K
avshadow.exe 1792 1,292 K 128 K
AppleMobileDeviceService.exe 1736 < 0.01 3,620 K 4,980 K
mDNSResponder.exe 1768 1,824 K 2,304 K
svchost.exe 1832 6,052 K 6,956 K
svchost.exe 1900 < 0.01 7,348 K 3,468 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
WLIDSVC.EXE 2000 < 0.01 5,372 K 2,456 K
WLIDSVCM.EXE 444 932 K 108 K
taskhost.exe 996 0.22 7,604 K 4,232 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
SearchIndexer.exe 3264 0.01 44,204 K 9,212 K
svchost.exe 3532 1,644 K 1,988 K
iPodService.exe 3824 0.02 2,208 K 2,680 K
wmpnetwk.exe 4084 < 0.01 12,296 K 10,988 K
svchost.exe 3008 3,892 K 3,080 K
mbamservice.exe 3252 89,124 K 22,172 K Malwarebytes' Anti-Malware Malwarebytes Corporation "C:\Users\AaronRach\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe"
svchost.exe 5128 916 K 2,984 K
lsass.exe 604 0.03 4,092 K 3,604 K
lsm.exe 616 < 0.01 1,764 K 1,612 K
winlogon.exe 536 1,904 K 1,780 K
explorer.exe 1448 0.45 37,376 K 46,720 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
cfp.exe 2280 0.07 21,152 K 7,052 K COMODO Internet Security COMODO "C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe" -h
avgnt.exe 2288 0.01 6,340 K 2,584 K Antivirus System Tray Tool Avira GmbH "C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avgnt.exe" /min
RtHDVCpl.exe 2296 7,672 K 2,248 K Realtek HD Audio Manager Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
igfxtray.exe 2304 < 0.01 1,740 K 1,324 K igfxTray Module Intel Corporation "C:\Windows\System32\igfxtray.exe"
hkcmd.exe 2312 < 0.01 1,804 K 1,728 K hkcmd Module Intel Corporation "C:\Windows\System32\hkcmd.exe"
igfxpers.exe 2320 < 0.01 1,532 K 1,904 K persistence Module Intel Corporation "C:\Windows\System32\igfxpers.exe"
LWS.exe 2356 < 0.01 4,172 K 1,160 K Logitech Webcam Software Logitech Inc. "C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe" -hide
CameraHelperShell.exe 2564 0.10 14,192 K 4,124 K Webcam Controller Logitech Inc. "C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe" /hide
jusched.exe 2652 1,208 K 312 K Java™ Update Scheduler Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
iTunesHelper.exe 2748 < 0.01 5,388 K 5,248 K iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
mbamgui.exe 2880 2,092 K 528 K Malwarebytes' Anti-Malware Malwarebytes Corporation "C:\Users\AaronRach\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
firefox.exe 2336 0.47 281,312 K 322,804 K Firefox Mozilla Corporation "C:\Program Files\Internet & Security\Firefox\firefox.exe"
plugin-container.exe 1936 5.16 91,932 K 102,432 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files\Internet & Security\Firefox\plugin-container.exe" --channel=2336.dae14d0.724109971 "C:\Windows\system32\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.6.0.2 -greomni "C:\Program Files\Internet & Security\Firefox\omni.jar" 2336 "\\.\pipe\gecko-crash-server-pipe.2336" plugin
procexp.exe 4992 10.66 14,388 K 40,688 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\AARONR~1\AppData\Local\Temp\Rar$EX00.987\procexp.exe"
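
Added example (not part of the original posts and not Sysinternals code): one way to triage a Procexp.txt export like the two listings above, ranking processes by CPU and flagging images that run from user-writable folders. It assumes the saved file is tab-separated with the columns shown in the thread; the sample rows are constructed from the Trial 1 listing, and all function names are hypothetical.

```python
import re

HEADER = ["Process", "PID", "CPU", "Private Bytes", "Working Set",
          "Description", "Company Name", "Command Line"]

def q(path, args=""):
    """Quote an image path the way the Command Line column shows it."""
    return '"' + path + '"' + (" " + args if args else "")

# Constructed sample: rows copied from the thread's Trial 1 listing and re-joined
# with tabs (assumption: the real export is tab-separated, child rows indented).
SAMPLE = "\n".join("\t".join(r) for r in [
    HEADER,
    ["System Idle Process", "0", "50.27", "0 K", "24 K", "", "", ""],
    ["System", "4", "5.51", "52 K", "1,068 K", "", "", ""],
    ["  svchost.exe", "1024", "0.46", "70,276 K", "66,044 K", "", "", ""],
    ["   dwm.exe", "1872", "18.44", "57,260 K", "46,232 K", "Desktop Window Manager",
     "Microsoft Corporation", q(r"C:\Windows\system32\Dwm.exe")],
    ["  avguard.exe", "1700", "0.14", "114,288 K", "15,280 K", "", "", ""],
    ["  mbamservice.exe", "3252", "0.01", "89,124 K", "22,168 K",
     "Malwarebytes' Anti-Malware", "Malwarebytes Corporation",
     q(r"C:\Users\AaronRach\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe")],
    [" firefox.exe", "2336", "1.83", "280,268 K", "321,948 K", "Firefox",
     "Mozilla Corporation", q(r"C:\Program Files\Internet & Security\Firefox\firefox.exe")],
    [" iTunesHelper.exe", "2748", "< 0.01", "5,388 K", "5,248 K", "iTunesHelper",
     "Apple Inc.", q(r"C:\Program Files\iTunes\iTunesHelper.exe")],
    [" procexp.exe", "4992", "9.19", "14,108 K", "40,288 K",
     "Sysinternals Process Explorer", "Sysinternals - www.sysinternals.com",
     q(r"C:\Users\AARONR~1\AppData\Local\Temp\Rar$EX00.987\procexp.exe")],
])

# Image path = first quoted token, or everything up to the first ".exe".
IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S.*?\.exe))', re.I)
# Folders a standard user can write to; an executable here deserves a second look.
USER_WRITABLE = re.compile(
    r'\\users\\[^\\]+\\(?:desktop|downloads|appdata)\\|\\temp\\', re.I)

def parse_cpu(cell):
    """Blank CPU means idle; '< 0.01' is read as its upper bound."""
    cell = cell.strip()
    if not cell:
        return 0.0
    return float(cell.lstrip("< "))

def parse_kb(cell):
    """'57,260 K' -> 57260"""
    return int(cell.replace(",", "").replace("K", "").strip() or 0)

def image_path(cmdline):
    m = IMAGE_RE.match(cmdline)
    return (m.group(1) or m.group(2)) if m else ""

def load(text):
    lines = [l for l in text.splitlines() if l.strip()]
    cols = lines[0].split("\t")
    rows = []
    for line in lines[1:]:
        cells = line.split("\t")
        cells += [""] * (len(cols) - len(cells))   # pad rows with trailing blanks cut off
        raw = dict(zip(cols, cells))
        rows.append({
            "name": raw["Process"].strip(),        # drop the tree indentation
            "pid": raw["PID"].strip(),             # kept as text: "n/a" for Interrupts
            "cpu": parse_cpu(raw["CPU"]),
            "private_kb": parse_kb(raw["Private Bytes"]),
            "company": raw["Company Name"].strip(),
            "cmdline": raw["Command Line"].strip(),
        })
    return rows

def top_cpu(rows, n=5):
    busy = [r for r in rows if r["name"] != "System Idle Process"]
    return sorted(busy, key=lambda r: r["cpu"], reverse=True)[:n]

def from_user_writable(rows):
    return [r for r in rows if USER_WRITABLE.search(image_path(r["cmdline"]))]

def missing_details(rows):
    # No Command Line recorded: Process Explorer could not query the process
    # (assumption: usually because it was started without elevation).
    return [r for r in rows if not r["cmdline"]]

if __name__ == "__main__":
    rows = load(SAMPLE)
    for r in top_cpu(rows, 3):
        print(f'{r["cpu"]:6.2f}%  {r["name"]}  (PID {r["pid"]})')
    for r in from_user_writable(rows):
        print("user-writable path:", image_path(r["cmdline"]))
    print(len(missing_details(rows)), "rows without a command line")
```

On the sample rows the two user-writable hits are the tools the poster ran himself (Process Explorer unpacked by WinRAR into Temp, Malwarebytes on the Desktop), so a hit is a prompt to check the file, not a verdict.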

#4 Broni


Posted 16 September 2011 - 08:47 PM

Yeah something is not right.

Check Primary and Secondary IDE settings: Device Manager -> IDE ATA/ATAPI controllers -> Primary or Secondary IDE Channel -> Properties -> Advanced Settings. Look at the Current Transfer Mode field.
See if it's in PIO mode instead of DMA mode.



#5 stsa84


Posted 16 September 2011 - 09:47 PM

There are 4 ATA channels listed: 2 ATA Channel 0 and 2 ATA Channel 1. Both of the Channel 0's are in DMA mode, one of the Channel 1's is in DMA mode, and the other Channel 1 is not in any mode.

#6 Broni


Posted 16 September 2011 - 11:46 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



#7 stsa84


Posted 17 September 2011 - 09:34 AM

I don't know why the problem comes and goes. The computer will run fine for an hour or so, then be almost unusable for another few hours. This morning it's worked perfectly (although Firefox got started and stuck in Safe Mode for some reason, which a restart fixed), but last night it was terrible. Anyway, here are the scan logs:





Security Check

Results of screen317's Security Check version 0.99.7
Windows 7 Service Pack 1
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader 9.4.6
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Internet & Security Avira Antivirus Avira AntiVir Desktop\sched.exe
Internet & Security Avira Antivirus Avira AntiVir Desktop\avshadow.exe
``````````End of Log````````````



MiniToolBox

MiniToolBox by Farbar
Ran by AaronRach (administrator) on 17-09-2011 at 09:57:35
Windows 7 Professional Service Pack 1 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : AaronRach-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-24-1D-18-81-31
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9936:1834:d0f3:18af%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 17, 2011 9:52:41 AM
Lease Expires . . . . . . . . . . : Tuesday, October 24, 2147 4:25:50 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 234890269
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-8B-C9-AB-00-24-1D-18-81-31
DNS Servers . . . . . . . . . . . : 192.168.2.1
68.87.68.166
68.87.74.166
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3073:3785:3f57:fdfc(Preferred)
Link-local IPv6 Address . . . . . : fe80::3073:3785:3f57:fdfc%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.67.99
74.125.67.99


Pinging google.com [74.125.45.99] with 32 bytes of data:
Reply from 74.125.45.99: bytes=32 time=20ms TTL=53
Reply from 74.125.45.99: bytes=32 time=19ms TTL=53

Ping statistics for 74.125.45.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 20ms, Average = 19ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 67.195.160.76
67.195.160.76


Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
Reply from 69.147.125.65: bytes=32 time=26ms TTL=52
Reply from 69.147.125.65: bytes=32 time=27ms TTL=52

Ping statistics for 69.147.125.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 27ms, Average = 26ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 24 1d 18 81 31 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.3 276
192.168.2.3 255.255.255.255 On-link 192.168.2.3 276
192.168.2.255 255.255.255.255 On-link 192.168.2.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:3073:3785:3f57:fdfc/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::3073:3785:3f57:fdfc/128
On-link
10 276 fe80::9936:1834:d0f3:18af/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/16/2011 01:52:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/16/2011 10:36:58 AM) (Source: Avira AntiVir) (User: SYSTEM)SYSTEM
Description: The keyfile contains no valid license. The service will be stopped!

Error: (09/16/2011 10:36:58 AM) (Source: Avira AntiVir) (User: SYSTEM)SYSTEM
Description: An unknown error occurred during init of the engine!
Returned error code: 0x35

Error: (09/16/2011 10:07:35 AM) (Source: Avira AntiVir) (User: SYSTEM)SYSTEM
Description: The keyfile contains no valid license. The service will be stopped!

Error: (09/16/2011 10:07:35 AM) (Source: Avira AntiVir) (User: SYSTEM)SYSTEM
Description: An unknown error occurred during init of the engine!
Returned error code: 0x35

Error: (09/16/2011 09:38:16 AM) (Source: Avira AntiVir) (User: SYSTEM)SYSTEM
Description: The keyfile contains no valid license. The service will be stopped!

Error: (09/16/2011 09:38:16 AM) (Source: Avira AntiVir) (User: SYSTEM)SYSTEM
Description: An unknown error occurred during init of the engine!
Returned error code: 0x35

Error: (09/16/2011 09:36:31 AM) (Source: Avira AntiVir) (User: SYSTEM)SYSTEM
Description: The keyfile contains no valid license. The service will be stopped!

Error: (09/16/2011 09:36:31 AM) (Source: Avira AntiVir) (User: SYSTEM)SYSTEM
Description: An unknown error occurred during init of the engine!
Returned error code: 0x35

Error: (09/16/2011 09:30:36 AM) (Source: Avira AntiVir) (User: SYSTEM)SYSTEM
Description: The keyfile contains no valid license. The service will be stopped!


System errors:
=============
Error: (09/17/2011 09:53:09 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/17/2011 09:52:46 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/17/2011 09:52:44 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/17/2011 09:21:55 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/17/2011 09:21:30 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/17/2011 09:21:29 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/17/2011 06:39:52 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/17/2011 06:39:44 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/17/2011 06:39:44 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/17/2011 06:39:44 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (09/16/2011 01:52:54 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/16/2011 10:36:58 AM) (Source: Avira AntiVir)(User: SYSTEM)SYSTEM
Description:

Error: (09/16/2011 10:36:58 AM) (Source: Avira AntiVir)(User: SYSTEM)SYSTEM
Description: 0x35

Error: (09/16/2011 10:07:35 AM) (Source: Avira AntiVir)(User: SYSTEM)SYSTEM
Description:

Error: (09/16/2011 10:07:35 AM) (Source: Avira AntiVir)(User: SYSTEM)SYSTEM
Description: 0x35

Error: (09/16/2011 09:38:16 AM) (Source: Avira AntiVir)(User: SYSTEM)SYSTEM
Description:

Error: (09/16/2011 09:38:16 AM) (Source: Avira AntiVir)(User: SYSTEM)SYSTEM
Description: 0x35

Error: (09/16/2011 09:36:31 AM) (Source: Avira AntiVir)(User: SYSTEM)SYSTEM
Description:

Error: (09/16/2011 09:36:31 AM) (Source: Avira AntiVir)(User: SYSTEM)SYSTEM
Description: 0x35

Error: (09/16/2011 09:30:36 AM) (Source: Avira AntiVir)(User: SYSTEM)SYSTEM
Description:


=========================== Installed Programs ============================

AC3Filter 1.63b (Version: 1.63b)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.23)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader 9.4.6 (Version: 9.4.6)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Amazon MP3 Downloader 1.0.10
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.700)
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Bonjour (Version: 3.0.0.2)
CameraHelperMsi (Version: 13.25.1010.0)
Canon MP495 series MP Drivers
Canon MP495 series User Registration
COMODO Internet Security (Version: 4.0.10770.828)
COMODO livePCsupport (Version: 3.0.133262.11)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Coupon Printer for Windows (Version: 5.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
erLT (Version: 1.20.138.34)
Haali Media Splitter
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
iTunes (Version: 10.4.1.10)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
K-Lite Codec Pack 6.0.0 (Basic) (Version: 6.0.0)
LAME v3.98.2 for Audacity
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.20.1166.0)
LWS Gallery (Version: 13.20.1166.0)
LWS Help_main (Version: 13.25.1016.0)
LWS Launcher (Version: 13.20.1166.0)
LWS Motion Detection (Version: 13.20.1176.0)
LWS Pictures And Video (Version: 13.25.1010.0)
LWS Twitter (Version: 13.20.1166.0)
LWS Video Mask Maker (Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.25.1005.0)
LWS Webcam Software (Version: 13.20.1168.0)
LWS WLM Plugin (Version: 1.20.1166.0)
LWS YouTube Plugin (Version: 13.20.1166.0)
Matroska Pack
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mozilla Firefox 4.0b8 (x86 en-US) (Version: 4.0b8)
Mozilla Firefox 6.0.2 (x86 en-US) (Version: 6.0.2)
MSVCRT (Version: 15.4.2862.0708)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PDF Settings CS5 (Version: 10.0)
Picasa 3 (Version: 3.8)
PS3 Media Server
QuickTime (Version: 7.70.80.34)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.17.304.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6077)
Skype Toolbars (Version: 5.3.7555)
Skype™ 5.3 (Version: 5.3.120)
Spotify (Version: 0.5.2)
StreamTorrent 1.0
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 3061.49 MB
Available physical RAM: 1763.2 MB
Total Pagefile: 6121.27 MB
Available Pagefile: 4808.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.51 MB

========================= Partitions: =====================================

1 Drive c: (System) (Fixed) (Total:97.65 GB) (Free:28.62 GB) NTFS
2 Drive d: (Media) (Fixed) (Total:600.97 GB) (Free:143.85 GB) NTFS
4 Drive z: (Storage) (Fixed) (Total:186.31 GB) (Free:186.2 GB) NTFS

========================= Users: ========================================

User accounts for \\AARONRACH-PC

AaronRach Administrator Guest


**** End of log ****


MBAM

All that showed up was an entry for a riskware.tool.ck. I quarantined and deleted it, and after a restart and rescan, MBAM found nothing.


GMER

Not sure if I accidentally did the full scan. Attached first is what showed up when the program first opened. Attached second is what resulted after clicking "Scan".

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-17 10:29:24
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD7500AACS-00D6B0 rev.01.01A01
Running: thv9xd0e.exe; Driver: C:\Users\AARONR~1\AppData\Local\Temp\axloquog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-17 10:28:47
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD7500AACS-00D6B0 rev.01.01A01
Running: thv9xd0e.exe; Driver: C:\Users\AARONR~1\AppData\Local\Temp\axloquog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x9023BDA4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x9023D34C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x9023BF90]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x9023B0CE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x9023BA0A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x9023AFAE]
SSDT 901F09BE ZwCreateSection
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x9023CFDE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x9023A99A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x9023C09E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x9023C9EE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x9023B396]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x9023BBE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x9023B63A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x9023C48A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x9023C73E]
SSDT 901F09C3 ZwSetContextThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x9023CCE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x9023B300]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x9023B526]
SSDT 901F095F ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x9023AB9E]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C41349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7AD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82C81D8C 4 Bytes [A4, BD, 23, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82C81DB4 8 Bytes [4C, D3, 23, 90, 90, BF, 23, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82C81E48 4 Bytes [CE, B0, 23, 90] {INTO ; MOV AL, 0x23; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82C81E64 4 Bytes [0A, BA, 23, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11DB 82C81E90 4 Bytes [AE, AF, 23, 90]
.text ...
? System32\drivers\yxalv.sys The system cannot find the path specified. !
PAGE peauth.sys 966C902C 102 Bytes [10, EA, 47, D7, AF, 04, 63, ...]
.text kernel32.dll!CreateProcessW 778F204D 5 Bytes [E9, 9E, 06, 73, 98] {JMP 0xffffffff987306a3}
.text kernel32.dll!CreateProcessA 778F2082 5 Bytes [E9, F9, 11, 73, 98] {JMP 0xffffffff987311fe}
.text kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes [E9, 6C, B8, 6F, 98] {JMP 0xffffffff986fb871}
.text ole32.dll!CoGetClassObject 777C54AD 5 Bytes [E9, 1E, 8D, 86, 98] {JMP 0xffffffff98868d23}
.text ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes [E9, BD, 46, 85, 98] {JMP 0xffffffff988546c2}
.text advapi32.dll!CreateProcessAsUserA 775F2538 5 Bytes [E9, 13, F6, A2, 98] {JMP 0xffffffff98a2f618}
.text user32.dll!EndTask 7628FD66 5 Bytes [E9, 25, E2, D9, 99] {JMP 0xffffffff99d9e22a}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[336] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[336] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[336] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[336] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[336] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[336] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[336] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[336] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[344] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[344] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[344] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[344] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[344] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[344] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[344] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[344] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[384] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[384] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[384] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[384] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[384] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[384] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[384] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[384] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[384] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[384] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[504] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[504] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[504] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[504] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[504] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[504] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[504] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[504] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[504] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[504] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[512] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[512] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[512] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[512] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[512] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[512] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[512] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[512] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtAlpcSendWaitReceivePort 77B35418 5 Bytes JMP 100285D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[568] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[568] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[568] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[568] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[568] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[568] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[568] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[628] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[628] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[628] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[628] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[628] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[636] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[636] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[636] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[636] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[636] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[636] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[636] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[636] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[744] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[744] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[744] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[744] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[744] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[744] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[744] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[744] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[828] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe[884] ntdll.dll!NtAllocateVirtualMemory 77B352D8 5 Bytes JMP 005190B0 C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe[884] ntdll.dll!NtCreateFile 77B355C8 5 Bytes JMP 00531040 C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1004] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1004] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1004] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1004] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1048] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1048] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1092] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1092] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1092] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1092] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1092] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1092] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3084] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 0055CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3084] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 0055CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3084] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 00565680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3084] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 005626F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3084] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 00563280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3084] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 00561220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3084] USER32.dll!EndTask 7628FD66 5 Bytes JMP 0056DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3084] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 00561B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3084] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 0056E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxtray.exe[3084] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 0056E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3144] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 0116CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3144] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 0116CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3144] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 01175680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3144] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 011726F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3144] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 01173280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3144] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 01171220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3144] USER32.dll!EndTask 7628FD66 5 Bytes JMP 0117DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3144] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 01171B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3144] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 0117E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\hkcmd.exe[3144] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 0117E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3160] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3160] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3160] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3160] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3160] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3160] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3160] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3160] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3160] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\igfxpers.exe[3160] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\igfxsrvc.exe[3356] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\igfxsrvc.exe[3356] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\igfxsrvc.exe[3356] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\igfxsrvc.exe[3356] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\igfxsrvc.exe[3356] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\igfxsrvc.exe[3356] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\igfxsrvc.exe[3356] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\igfxsrvc.exe[3356] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\igfxsrvc.exe[3356] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\igfxsrvc.exe[3356] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3388] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3388] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3388] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3388] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3388] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3388] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3388] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3388] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3388] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3388] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3508] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3508] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3508] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3508] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3508] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3508] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3508] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3508] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3508] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3508] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3524] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3524] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3524] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3524] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3524] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3524] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3524] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3524] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3524] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3524] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3540] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3540] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3540] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3540] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3540] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3540] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3540] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3540] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff\Malwarebytes' Anti-Malware\mbamgui.exe[3568] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff\Malwarebytes' Anti-Malware\mbamgui.exe[3568] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff\Malwarebytes' Anti-Malware\mbamgui.exe[3568] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff\Malwarebytes' Anti-Malware\mbamgui.exe[3568] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff\Malwarebytes' Anti-Malware\mbamgui.exe[3568] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff\Malwarebytes' Anti-Malware\mbamgui.exe[3568] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff\Malwarebytes' Anti-Malware\mbamgui.exe[3568] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff\Malwarebytes' Anti-Malware\mbamgui.exe[3568] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3628] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3628] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3628] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3628] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3628] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3628] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3628] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3628] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3628] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3628] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3716] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3716] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3716] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3716] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3716] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3716] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3716] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3716] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3716] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3716] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3772] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3772] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3772] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3772] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3772] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3772] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3772] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3772] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3772] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3772] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[3804] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[3804] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[3804] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[3804] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[3804] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[3804] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[3804] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[3804] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[3804] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[3804] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\NOTEPAD.EXE[5344] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\NOTEPAD.EXE[5344] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\NOTEPAD.EXE[5344] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\NOTEPAD.EXE[5344] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\NOTEPAD.EXE[5344] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\NOTEPAD.EXE[5344] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\NOTEPAD.EXE[5344] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\NOTEPAD.EXE[5344] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\NOTEPAD.EXE[5344] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\NOTEPAD.EXE[5344] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5752] ntdll.dll!NtClose 77B354C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5752] ntdll.dll!LdrUnloadDll 77B4C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5752] ntdll.dll!LdrLoadDll 77B522B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5752] kernel32.dll!CreateProcessW 778F204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5752] kernel32.dll!CreateProcessA 778F2082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5752] kernel32.dll!CreateProcessAsUserW 779259AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5752] ole32.dll!CoGetClassObject 777C54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5752] ole32.dll!CoCreateInstanceEx 777D9D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5752] USER32.dll!EndTask 7628FD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5752] ADVAPI32.dll!CreateProcessAsUserA 775F2538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Threads - GMER 1.0.15 ----

Thread System [4:5936] B7843F2E

---- EOF - GMER 1.0.15 ----

Edited by stsa84, 17 September 2011 - 09:38 AM.


#8 Broni


Posted 17 September 2011 - 11:10 AM

OK, I can see a couple of issues so far.

1. There are a lot of errors regarding Avira having problems starting its services.
You may want to reinstall it, but don't do it yet.

2. "hosts" file seems to be missing.
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista/Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

3. Something suspicious in GMER log.
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



 


#9 stsa84


Posted 17 September 2011 - 11:25 AM

System Look

SystemLook 30.07.11 by jpshortstuff
Log created at 12:21 on 17/09/2011 by AaronRach
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts.old --a---- 1412 bytes [02:04 14/07/2009] [01:33 25/04/2011]
lmhosts.sam --a---- 3683 bytes [02:05 14/07/2009] [21:39 10/06/2009]
networks --a---- 407 bytes [02:04 14/07/2009] [21:39 10/06/2009]
protocol --a---- 1358 bytes [02:04 14/07/2009] [21:39 10/06/2009]
services --a---- 17463 bytes [02:04 14/07/2009] [21:39 10/06/2009]

---Folders---
None found.

-= EOF =-


Rootkit Unhooker

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x90E31000 C:\Windows\system32\DRIVERS\igdkmd32.sys 5279744 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81E1E000 C:\Windows\system32\DRIVERS\lvuvc.sys 4329472 bytes (Logitech Inc., Logitech USB Video Class Driver)
0x82C03000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x82C03000 PnpManager 4268032 bytes
0x82C03000 RAW 4268032 bytes
0x82C03000 WMIxWDM 4268032 bytes
0x96C3E000 C:\Windows\system32\drivers\RTKVHDA.sys 3043328 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x98180000 Win32k 2416640 bytes
0x98180000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8B631000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x8B262000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x9133A000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B482000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x832F6000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x966BD000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x822D5000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83216000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8B02D000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x90A7E000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8B40E000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x90313000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x967A4000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x96754000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x98040000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x91811000 C:\Windows\system32\drivers\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8B15B000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8B0AC000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x96677000 C:\Windows\system32\DRIVERS\lvrs.sys 286720 bytes (Logitech Inc., Logitech Kernel Audio Improvement Filter Driver)
0xB78A5000 C:\Windows\system32\DRIVERS\Rt86win7.sys 282624 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x96622000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x832B4000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x90A1D000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B7B5000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x9022E000 C:\Windows\System32\DRIVERS\cmdguard.sys 253952 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0x8B539000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x823A8000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x90B62000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83015000 ACPI_HAL 225280 bytes
0x83015000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8B21D000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x919A8000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8B5B4000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x9036D000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B77B000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x96F25000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x9186B000 C:\Windows\system32\drivers\1394ohci.sys 184320 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8B600000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8B391000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8B105000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8B1D1000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x90B08000 C:\Windows\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x8B3CF000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8B577000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x833AF000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x82385000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x91934000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x96C00000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x90B2F000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90286000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x833D2000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x90E00000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x903A6000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x98020000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x82266000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x823E3000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90200000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x82298000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xB788C000 C:\Users\AARONR~1\AppData\Local\Temp\axloquog.sys 102400 bytes
0x8235A000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x96F54000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x90AE2000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x918BA000 C:\Windows\system32\drivers\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x918A2000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x91911000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x91956000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x82281000 C:\Windows\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0x9196E000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x91985000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x902E5000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x96FB8000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x903C5000 C:\Windows\system32\DRIVERS\inspect.sys 90112 bytes (COMODO, COMODO Internet Security Firewall Driver)
0x8B1BB000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x96FD1000 C:\Windows\system32\drivers\usbaudio.sys 81920 bytes (Microsoft Corporation, USB Audio Class Driver)
0x8B3BC000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x822C2000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9021A000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8B000000 00000092 73728 bytes
0x918FF000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x90B50000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x82373000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B000000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x8B5E6000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x96FA3000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8B251000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x96666000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8B13A000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8329B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x903E9000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x822B2000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B59C000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8B14B000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x9185C000 C:\Windows\system32\drivers\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x90AFA000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x903DB000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x902D7000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8B1AD000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B46B000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x919DC000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8223F000 C:\Windows\System32\Drivers\usbaapl.sys 57344 bytes (Apple, Inc., Apple Mobile Device USB Driver)
0x8224D000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)
0x8B09E000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x833A1000 C:\Windows\System32\drivers\yxalv.sys 57344 bytes
0x918F2000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x96F82000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x918DF000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x918D2000 C:\Windows\system32\drivers\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x81E11000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x902A7000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x90A72000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x902FC000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x9027A000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x90308000 C:\Windows\System32\DRIVERS\cmdhlp.sys 45056 bytes (COMODO, COMODO Internet Security Helper Driver)
0x96F8F000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x96F77000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x902CC000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x91929000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8225B000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
0x90E1F000 C:\Windows\system32\drivers\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8B12F000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x96F6D000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x90A68000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x90A5E000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9199C000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x81E07000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x91898000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x8B01B000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xB7883000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8B012000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xB78F3000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x96F9A000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8B479000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x983E0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B7AC000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8B0F4000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x832AC000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8B5AC000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BA6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8B0FD000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x902B4000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x902BC000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x902C4000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8B7F4000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x90273000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8B1A6000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x9026C000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x81E00000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x9039F000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x918EC000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x903FA000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x96FB4000 C:\Windows\system32\DRIVERS\lvbusflt.sys 16384 bytes (Logitech Inc., Logitech USB Video Class Filter Driver)
0x96C21000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x919A6000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x96FCF000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected :(

#10 Broni


Posted 17 September 2011 - 11:35 AM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



 


#11 stsa84


Posted 17 September 2011 - 12:07 PM

TDS scan came up empty.


2011/09/17 13:07:19.0064 4540 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/17 13:07:19.0375 4540 ================================================================================
2011/09/17 13:07:19.0375 4540 SystemInfo:
2011/09/17 13:07:19.0375 4540
2011/09/17 13:07:19.0375 4540 OS Version: 6.1.7601 ServicePack: 1.0
2011/09/17 13:07:19.0375 4540 Product type: Workstation
2011/09/17 13:07:19.0376 4540 ComputerName: AARONRACH-PC
2011/09/17 13:07:19.0376 4540 UserName: AaronRach
2011/09/17 13:07:19.0376 4540 Windows directory: C:\Windows
2011/09/17 13:07:19.0376 4540 System windows directory: C:\Windows
2011/09/17 13:07:19.0376 4540 Processor architecture: Intel x86
2011/09/17 13:07:19.0376 4540 Number of processors: 2
2011/09/17 13:07:19.0376 4540 Page size: 0x1000
2011/09/17 13:07:19.0376 4540 Boot type: Normal boot
2011/09/17 13:07:19.0376 4540 ================================================================================
2011/09/17 13:07:20.0351 4540 Initialize success
2011/09/17 13:07:21.0783 4316 ================================================================================
2011/09/17 13:07:21.0783 4316 Scan started
2011/09/17 13:07:21.0783 4316 Mode: Manual;
2011/09/17 13:07:21.0783 4316 ================================================================================
2011/09/17 13:07:26.0126 4316 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/09/17 13:07:26.0178 4316 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/09/17 13:07:26.0322 4316 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/09/17 13:07:26.0377 4316 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/17 13:07:26.0430 4316 inspect (5f2116fbf97a557b5adee8761d0b9c48) C:\Windows\system32\DRIVERS\inspect.sys
2011/09/17 13:07:26.0529 4316 IntcAzAudAddService (c5df8a7fdc75019bf8d8aa4b56be85c0) C:\Windows\system32\drivers\RTKVHDA.sys
2011/09/17 13:07:26.0567 4316 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/09/17 13:07:26.0600 4316 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/17 13:07:26.0630 4316 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/17 13:07:26.0668 4316 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/09/17 13:07:26.0698 4316 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/09/17 13:07:26.0738 4316 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/09/17 13:07:26.0782 4316 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/09/17 13:07:26.0818 4316 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/09/17 13:07:26.0857 4316 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/09/17 13:07:26.0908 4316 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/09/17 13:07:26.0960 4316 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/17 13:07:26.0988 4316 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/17 13:07:27.0042 4316 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/17 13:07:27.0103 4316 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/17 13:07:27.0127 4316 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/17 13:07:27.0154 4316 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/17 13:07:27.0176 4316 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/17 13:07:27.0202 4316 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/09/17 13:07:27.0262 4316 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/09/17 13:07:27.0307 4316 LVRS (b6e1ccd6572984adcae68439afd07011) C:\Windows\system32\DRIVERS\lvrs.sys
2011/09/17 13:07:27.0454 4316 LVUVC (6c42815dd57e397f0cd988304b5eb4b3) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/09/17 13:07:27.0525 4316 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
2011/09/17 13:07:27.0574 4316 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/17 13:07:27.0604 4316 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/17 13:07:27.0636 4316 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/09/17 13:07:27.0669 4316 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/17 13:07:27.0726 4316 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/09/17 13:07:27.0759 4316 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/17 13:07:27.0794 4316 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/09/17 13:07:27.0834 4316 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/09/17 13:07:27.0865 4316 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/17 13:07:27.0916 4316 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/09/17 13:07:27.0950 4316 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/17 13:07:27.0995 4316 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/17 13:07:28.0019 4316 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/17 13:07:28.0047 4316 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/09/17 13:07:28.0077 4316 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/09/17 13:07:28.0143 4316 MSDV (114b67c324d64c8195fd3bf93b4df02a) C:\Windows\system32\DRIVERS\msdv.sys
2011/09/17 13:07:28.0169 4316 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/09/17 13:07:28.0189 4316 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/17 13:07:28.0213 4316 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/09/17 13:07:28.0269 4316 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/17 13:07:28.0302 4316 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/17 13:07:28.0318 4316 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/09/17 13:07:28.0351 4316 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/09/17 13:07:28.0390 4316 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/09/17 13:07:28.0421 4316 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/09/17 13:07:28.0448 4316 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/17 13:07:28.0479 4316 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/09/17 13:07:28.0523 4316 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/17 13:07:28.0582 4316 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/09/17 13:07:28.0607 4316 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/17 13:07:28.0639 4316 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/17 13:07:28.0679 4316 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/17 13:07:28.0719 4316 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/17 13:07:28.0753 4316 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/09/17 13:07:28.0787 4316 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/17 13:07:28.0838 4316 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/17 13:07:28.0909 4316 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/17 13:07:28.0936 4316 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/09/17 13:07:28.0970 4316 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/17 13:07:29.0038 4316 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/09/17 13:07:29.0070 4316 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/09/17 13:07:29.0118 4316 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/09/17 13:07:29.0157 4316 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/09/17 13:07:29.0204 4316 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/09/17 13:07:29.0241 4316 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/09/17 13:07:29.0303 4316 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/09/17 13:07:29.0336 4316 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/09/17 13:07:29.0364 4316 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/09/17 13:07:29.0396 4316 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/09/17 13:07:29.0431 4316 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/09/17 13:07:29.0465 4316 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/17 13:07:29.0494 4316 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/09/17 13:07:29.0534 4316 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/09/17 13:07:29.0641 4316 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/17 13:07:29.0657 4316 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/09/17 13:07:29.0712 4316 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/17 13:07:29.0763 4316 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/17 13:07:29.0814 4316 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/17 13:07:29.0848 4316 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/17 13:07:29.0879 4316 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/17 13:07:29.0904 4316 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/17 13:07:29.0934 4316 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/17 13:07:29.0982 4316 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/17 13:07:30.0011 4316 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/17 13:07:30.0064 4316 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/17 13:07:30.0092 4316 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/17 13:07:30.0140 4316 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/17 13:07:30.0188 4316 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/09/17 13:07:30.0223 4316 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/17 13:07:30.0258 4316 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/17 13:07:30.0306 4316 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/09/17 13:07:30.0360 4316 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/09/17 13:07:30.0440 4316 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/17 13:07:30.0483 4316 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/09/17 13:07:30.0521 4316 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/09/17 13:07:30.0578 4316 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/09/17 13:07:30.0692 4316 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/17 13:07:30.0732 4316 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/17 13:07:30.0781 4316 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/17 13:07:30.0803 4316 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/09/17 13:07:30.0846 4316 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/17 13:07:30.0906 4316 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/09/17 13:07:30.0933 4316 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/17 13:07:30.0958 4316 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/17 13:07:30.0991 4316 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/17 13:07:31.0035 4316 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/09/17 13:07:31.0070 4316 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/17 13:07:31.0093 4316 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/17 13:07:31.0119 4316 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/09/17 13:07:31.0161 4316 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/09/17 13:07:31.0224 4316 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/09/17 13:07:31.0253 4316 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/17 13:07:31.0274 4316 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/17 13:07:31.0319 4316 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/09/17 13:07:31.0351 4316 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/17 13:07:31.0416 4316 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/09/17 13:07:31.0450 4316 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/09/17 13:07:31.0492 4316 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/09/17 13:07:31.0613 4316 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
2011/09/17 13:07:31.0680 4316 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/17 13:07:31.0739 4316 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/17 13:07:31.0787 4316 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/09/17 13:07:31.0813 4316 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/09/17 13:07:31.0856 4316 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/17 13:07:31.0883 4316 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/09/17 13:07:31.0968 4316 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/17 13:07:32.0004 4316 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/09/17 13:07:32.0053 4316 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/17 13:07:32.0094 4316 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/17 13:07:32.0130 4316 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/17 13:07:32.0177 4316 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/17 13:07:32.0224 4316 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/09/17 13:07:32.0250 4316 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/17 13:07:32.0350 4316 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/09/17 13:07:32.0396 4316 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
2011/09/17 13:07:32.0442 4316 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/17 13:07:32.0497 4316 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/09/17 13:07:32.0540 4316 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
2011/09/17 13:07:32.0578 4316 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/17 13:07:32.0625 4316 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
2011/09/17 13:07:32.0688 4316 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/17 13:07:32.0726 4316 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/17 13:07:32.0751 4316 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/09/17 13:07:32.0781 4316 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
2011/09/17 13:07:32.0813 4316 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
2011/09/17 13:07:32.0873 4316 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/09/17 13:07:32.0925 4316 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/17 13:07:32.0940 4316 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/09/17 13:07:32.0973 4316 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/09/17 13:07:33.0006 4316 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/09/17 13:07:33.0037 4316 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/09/17 13:07:33.0065 4316 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/09/17 13:07:33.0118 4316 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/09/17 13:07:33.0155 4316 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/09/17 13:07:33.0193 4316 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/09/17 13:07:33.0217 4316 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/09/17 13:07:33.0267 4316 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/09/17 13:07:33.0310 4316 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/17 13:07:33.0342 4316 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/09/17 13:07:33.0376 4316 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/17 13:07:33.0426 4316 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/17 13:07:33.0440 4316 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/17 13:07:33.0509 4316 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/09/17 13:07:33.0541 4316 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/17 13:07:33.0621 4316 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/17 13:07:33.0660 4316 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/09/17 13:07:33.0749 4316 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/09/17 13:07:33.0934 4316 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/17 13:07:34.0002 4316 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/17 13:07:34.0067 4316 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/09/17 13:07:34.0098 4316 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/17 13:07:34.0152 4316 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/09/17 13:07:34.0169 4316 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/09/17 13:07:34.0208 4316 Boot (0x1200) (b9b3b0480dc402ab837e31bd65679f90) \Device\Harddisk0\DR0\Partition0
2011/09/17 13:07:34.0228 4316 Boot (0x1200) (e0fef9b3e802da946dfef3f7b72d1b3e) \Device\Harddisk1\DR1\Partition0
2011/09/17 13:07:34.0268 4316 Boot (0x1200) (b45d2fdd33bfbc3f37992b90b2d1c084) \Device\Harddisk1\DR1\Partition1
2011/09/17 13:07:34.0274 4316 ================================================================================
2011/09/17 13:07:34.0274 4316 Scan finished
2011/09/17 13:07:34.0274 4316 ================================================================================
2011/09/17 13:07:34.0293 3092 Detected object count: 0
2011/09/17 13:07:34.0293 3092 Actual detected object count: 0

Edited by stsa84, 17 September 2011 - 12:08 PM.


#12 Broni


Posted 17 September 2011 - 01:37 PM

OK, let's rebuild "hosts" file.

Open Notepad.
Paste the following text into it:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

Go File>Save As and...

1. Name the file hosts. (no extension; make sure there is just a "dot" at the end <--- VERY IMPORTANT!)
2. Make sure "Save as type:" is set to "All Files (*.*)"
3. File is saved to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder


Post new System Look log.

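Added example (not part of the post above, and not a BleepingComputer or Microsoft tool): a small Python audit that shows what a rebuilt hosts file should look like to a parser, namely no active mappings beyond localhost, and how leftover entries can be sorted for review. The category names and every hostname and address in the modified sample are constructed for illustration.

```python
import ipaddress

# Names that may legitimately map to a loopback address in a default file.
DEFAULT_NAMES = {"localhost"}

# The default file from the post above, abbreviated: every line is a comment.
CLEAN_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
"""

# Constructed sample of a tampered file (example domains, documentation IP).
MODIFIED_HOSTS = CLEAN_HOSTS + """\
127.0.0.1 localhost
127.0.0.1 update.av-vendor.example
0.0.0.0 www.av-vendor.example   # constructed entry
192.0.2.10 login.bank.example
bogus entry.example
"""


def parse_hosts(text):
    """Return (lineno, ip_text, [hostnames]) for every active line.

    Comment-only and blank lines are skipped; inline comments are cut off.
    A leading UTF-8 byte order mark, which some editors add, is ignored.
    """
    entries = []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        entries.append((lineno, fields[0], fields[1:]))
    return entries


def classify(ip_text, names):
    """Sort one active entry into a review category."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"          # first column is not an IP address
    if not names:
        return "malformed"          # address with no host name
    lowered = {n.lower() for n in names}
    if ip.is_loopback and lowered <= DEFAULT_NAMES:
        return "default"            # 127.0.0.1 / ::1 -> localhost
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"           # name made unreachable (blocked)
    return "redirect"               # name pointed at a specific address


def audit_hosts(text):
    """Return every active entry that is not a default localhost mapping."""
    findings = []
    for lineno, ip_text, names in parse_hosts(text):
        kind = classify(ip_text, names)
        if kind != "default":
            findings.append((lineno, kind, ip_text, names))
    return findings


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_HOSTS), ("modified", MODIFIED_HOSTS)):
        print(label)
        for lineno, kind, ip_text, names in audit_hosts(text):
            print(f"  line {lineno}: {kind:9} {ip_text} {' '.join(names)}")
```

A "sinkhole" finding is not proof of tampering on its own, since ad-blocking lists use the same form; it marks the entry for a person to review.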


 


#13 stsa84


Posted 17 September 2011 - 02:03 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 15:02 on 17/09/2011 by AaronRach
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts --a---- 760 bytes [19:00 17/09/2011] [19:01 17/09/2011]
hosts.old --a---- 1412 bytes [02:04 14/07/2009] [01:33 25/04/2011]
lmhosts.sam --a---- 3683 bytes [02:05 14/07/2009] [21:39 10/06/2009]
networks --a---- 407 bytes [02:04 14/07/2009] [21:39 10/06/2009]
protocol --a---- 1358 bytes [02:04 14/07/2009] [21:39 10/06/2009]
services --a---- 17463 bytes [02:04 14/07/2009] [21:39 10/06/2009]

---Folders---
None found.

-= EOF =-

#14 Broni


Posted 17 September 2011 - 02:07 PM

Now, please uninstall/reinstall Avira.

When all done, post new Process Explorer log.



 


#15 stsa84


Posted 17 September 2011 - 02:27 PM

Avira uninstalled/reinstalled.

Process Explorer Log:


Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 84.37 0 K 24 K
System 4 1.12 48 K 580 K
Interrupts n/a 1.75 0 K 0 K Hardware Interrupts and DPCs
smss.exe 288 276 K 832 K
csrss.exe 432 < 0.01 1,324 K 3,432 K
conhost.exe 2580 840 K 2,868 K
wininit.exe 500 1,204 K 3,928 K
services.exe 556 0.02 4,952 K 8,868 K
svchost.exe 748 0.46 3,096 K 7,112 K
igfxsrvc.exe 2532 1,796 K 5,000 K igfxsrvc Module Intel Corporation C:\Windows\system32\igfxsrvc.exe -Embedding
COCIManager.exe 3068 0.01 2,224 K 6,448 K Camera Control Interface Logitech Inc. "C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding
WmiPrvSE.exe 452 2,492 K 5,732 K
svchost.exe 824 3,020 K 6,140 K
cmdagent.exe 872 < 0.01 34,116 K 4,128 K
svchost.exe 956 0.02 11,964 K 11,756 K
svchost.exe 1000 15,804 K 16,692 K
audiodg.exe 1200 16,988 K 16,348 K
svchost.exe 1036 0.33 59,624 K 66,008 K
dwm.exe 1796 2.55 48,212 K 56,484 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
svchost.exe 1100 0.01 153,948 K 94,724 K
UMVPFSrv.exe 1140 1,296 K 3,836 K
svchost.exe 1268 0.01 6,364 K 11,780 K
spoolsv.exe 1540 5,660 K 10,608 K
svchost.exe 1576 16,504 K 16,956 K
AppleMobileDeviceService.exe 1724 0.05 2,220 K 7,164 K
mDNSResponder.exe 1832 1,660 K 4,924 K
taskhost.exe 1892 7,336 K 7,616 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
svchost.exe 1924 5,772 K 11,852 K
svchost.exe 448 < 0.01 7,268 K 6,712 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
WLIDSVC.EXE 764 < 0.01 4,984 K 11,696 K
WLIDSVCM.EXE 2080 944 K 3,024 K
svchost.exe 2432 1,612 K 4,700 K
iPodService.exe 3472 0.01 1,996 K 5,512 K
SearchIndexer.exe 3496 < 0.01 27,240 K 15,196 K
SearchProtocolHost.exe 2588 < 0.01 2,928 K 7,132 K
SearchFilterHost.exe 2352 1,896 K 4,864 K
wmpnetwk.exe 3664 11,620 K 4,688 K
svchost.exe 3896 2,408 K 6,852 K
mbamservice.exe 2136 90,272 K 38,656 K Malwarebytes' Anti-Malware Malwarebytes Corporation "C:\Users\AaronRach\Desktop\Slow Stuff\Malwarebytes' Anti-Malware\mbamservice.exe"
avguard.exe 3016 < 0.01 112,376 K 31,212 K
avshadow.exe 296 1,300 K 4,064 K
sched.exe 496 4,272 K 360 K
TrustedInstaller.exe 2664 1,956 K 6,624 K
lsass.exe 600 0.06 3,280 K 8,336 K
lsm.exe 608 1,712 K 3,944 K
csrss.exe 508 0.17 9,736 K 13,432 K
winlogon.exe 588 1,600 K 4,916 K
explorer.exe 1844 0.43 42,112 K 62,852 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
cfp.exe 680 0.04 20,744 K 8,460 K COMODO Internet Security COMODO "C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe" -h
RtHDVCpl.exe 964 7,692 K 8,752 K Realtek HD Audio Manager Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
igfxtray.exe 2312 1,744 K 5,112 K igfxTray Module Intel Corporation "C:\Windows\System32\igfxtray.exe"
hkcmd.exe 2328 1,868 K 5,052 K hkcmd Module Intel Corporation "C:\Windows\System32\hkcmd.exe"
igfxpers.exe 2500 1,528 K 4,972 K persistence Module Intel Corporation "C:\Windows\System32\igfxpers.exe"
LWS.exe 2592 < 0.01 4,216 K 11,304 K Logitech Webcam Software Logitech Inc. "C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe" -hide
CameraHelperShell.exe 3044 0.11 14,160 K 23,664 K Webcam Controller Logitech Inc. "C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe" /hide
jusched.exe 2768 1,212 K 4,080 K Java™ Update Scheduler Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
iTunesHelper.exe 2936 < 0.01 5,100 K 11,956 K iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
mbamgui.exe 2956 2,096 K 6,420 K Malwarebytes' Anti-Malware Malwarebytes Corporation "C:\Users\AaronRach\Desktop\Slow Stuff\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
avgnt.exe 1768 0.04 6,600 K 3,016 K Antivirus System Tray Tool Avira GmbH "C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avgnt.exe" /min /NOSPLASH /SETUPSTART
firefox.exe 3264 0.13 139,068 K 169,404 K Firefox Mozilla Corporation "C:\Program Files\Internet & Security\Firefox\firefox.exe"
plugin-container.exe 2980 5,360 K 11,000 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files\Internet & Security\Firefox\plugin-container.exe" --channel=3264.57ce010.1648941620 "C:\Windows\system32\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.6.0.2 -greomni "C:\Program Files\Internet & Security\Firefox\omni.jar" 3264 "\\.\pipe\gecko-crash-server-pipe.3264" plugin
WinRAR.exe 2360 < 0.01 8,120 K 17,764 K WinRAR archiver Alexander Roshal "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\AaronRach\Desktop\Slow Stuff\ProcessExplorer.zip"
procexp.exe 3284 8.30 18,780 K 36,204 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\AARONR~1\AppData\Local\Temp\Rar$EX01.884\procexp.exe"

Edited by stsa84, 17 September 2011 - 02:28 PM.




