Financial site redirect


7 replies to this topic

#1 stsa84

Posted 11 May 2012 - 09:37 AM

To whoever picks this up, thanks in advance. You guys blow me away with your expertise and generosity. Keep up the incredible work.

Original post in the "Am I Infected?" forum located here: http://www.bleepingcomputer.com/forums/topic453199.html, symptoms copied here:

"When I try to access my USAA account (banking, insurance, etc), after logging in, I am redirected to a page that appears legit, but is asking for every piece of financial and security info about me (account numbers, credit card info, ATM pin, mother's maiden name, etc). Normally I'd be asked my website login PIN and then brought into my account. I called USAA and they verified that this page is not theirs. (Thought I'd mention, I immediately changed my login info from another computer.)

Redirect image: Posted Image

Just saw that the same thing is happening with Amazon as well.

Internet browsing is also somewhat slow, the mouse arrow flickers on certain sites, and certain sites that I frequent are loading improperly. I did a speed test and have no problem with my internet connection (25/5 mb/s download/upload speeds)"



Steps 1-10 of Preparation Guide for Using this Forum - complete

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by AaronRach at 9:54:52 on 2012-05-11
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3061.1624 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet & Security\Firefox\firefox.exe
C:\Program Files\Internet & Security\Firefox\plugin-container.exe
C:\Program Files\Cobian Backup 11\Cobian.exe
C:\Program Files\Cobian Backup 11\cbInterface.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\internet & security\java\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\internet & security\java\bin\jp2ssv.dll
uRun: [Adobe Reader Synchronizer] "c:\program files\internet & security\adobe\reader\AdobeCollabSync.exe"
uRun: [Spotify Web Helper] "c:\users\aaronrach\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [COMODO Internet Security] "c:\program files\internet & security\comodo firewall\comodo\comodo internet security\cfp.exe" -h
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\internet & security\adobe\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [avgnt] "c:\program files\internet & security\avira antivirus\avira\antivir desktop\avgnt.exe" /min
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\aaronr~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\nexdef~1.lnk - c:\users\aaronrach\appdata\local\autobahn\nexdef.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{A4BF82F0-8DE4-44D1-8287-C3F0503DC511} : DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\aaronrach\appdata\roaming\mozilla\firefox\profiles\5pogyt5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - component: c:\program files\internet rel: security\firefox\components\browserdirprovider.dll
FF - component: c:\program files\internet rel: security\firefox\components\brwsrcmp.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\internet & security\adobe\reader\air\nppdf32.dll
FF - plugin: c:\program files\internet & security\adobe\reader\browser\nppdf32.dll
FF - plugin: c:\program files\internet & security\firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\internet & security\firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\internet & security\firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\internet & security\firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\internet & security\java\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\internet & security\java\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\internet & security\picasa\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 39640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\internet & security\avira antivirus\avira\antivir desktop\sched.exe [2011-9-17 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\internet & security\avira antivirus\avira\antivir desktop\avguard.exe [2011-9-17 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-17 66616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-10 654408]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2011-4-1 20448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-10 22344]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-24 277536]
S2 CLPSLS;COMODO livePCsupport Service;"c:\program files\comodo\comodo livepcsupport\clpsls.exe" --> c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-31 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-31 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 129976]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-9 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]
.
=============== Created Last 30 ================
.
2012-05-11 13:23:50 -------- d-----w- c:\program files\Cobian Backup 11
2012-05-10 19:49:57 -------- d-----w- c:\users\aaronrach\appdata\roaming\SUPERAntiSpyware.com
2012-05-10 19:49:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-10 19:49:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-10 19:40:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-10 19:40:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-08 23:20:03 -------- d-----w- c:\programdata\Windows
2012-05-04 18:00:27 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-27 23:53:26 -------- d-----w- c:\users\aaronrach\.autobahn
2012-04-27 23:53:14 -------- d-----w- c:\users\aaronrach\appdata\local\Autobahn
2012-04-16 00:44:38 -------- d-----w- c:\users\aaronrach\.dvdcss
2012-04-12 07:05:33 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:05:33 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:05:33 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:05:32 159232 ----a-w- c:\windows\system32\imagehlp.dll
.
==================== Find3M ====================
.
2012-05-05 03:26:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 03:26:03 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-11 21:13:36 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13:35 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13:34 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13:19 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13:18 301224 ----a-w- c:\windows\system32\guard32.dll
2012-02-28 05:38:52 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 9:56:03.87 ===============

GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-11 10:34:29
Windows 6.1.7601 Service Pack 1 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD7500AACS-00D6B0 rev.01.01A01
Running: bzu3kmjs.exe; Driver: C:\Users\AARONR~1\AppData\Local\Temp\axloquog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8FE48F26]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8FE49112]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8FE48286]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8FE48B8C]
SSDT 9077052E ZwCreateSection
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8FE49C8A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8FE47C72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8FE49340]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8FE496BC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8FE4854E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8FE48D68]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8FE487E8]
SSDT 90770533 ZwSetContextThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8FE499A8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8FE484B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8FE486D4]
SSDT 907704CF ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8FE47E76]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C40369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C79D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82C80D8C 4 Bytes [26, 8F, E4, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82C80DB4 4 Bytes [12, 91, E4, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82C80E48 4 Bytes [86, 82, E4, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82C80E64 4 Bytes [8C, 8B, E4, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C80EAC 4 Bytes [2E, 05, 77, 90]
.text ...
? C:\Users\AARONR~1\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. !
? C:\Users\AARONR~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
.text gdi32.dll!DeleteDC 761C6EAA 5 Bytes [E9, 11, 1D, E6, 99] {JMP 0xffffffff99e61d16}
.text gdi32.dll!GetPixel 761CC3D5 5 Bytes [E9, B6, C5, E5, 99] {JMP 0xffffffff99e5c5bb}
.text gdi32.dll!CreateDCA 761CCCA9 5 Bytes [E9, 12, D0, E5, 99] {JMP 0xffffffff99e5d017}
.text gdi32.dll!CreateDCW 761CCF79 5 Bytes [E9, 42, CC, E5, 99] {JMP 0xffffffff99e5cc47}
.text kernel32.dll!CreateProcessW 75CB204D 5 Bytes [E9, DE, 2E, 37, 9A] {JMP 0xffffffff9a372ee3}
.text kernel32.dll!CreateProcessA 75CB2082 5 Bytes [E9, 39, 3A, 37, 9A] {JMP 0xffffffff9a373a3e}
.text kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes [E9, AC, E0, 33, 9A] {JMP 0xffffffff9a33e0b1}
.text advapi32.dll!CreateProcessAsUserA 75A82538 5 Bytes [E9, 53, 1E, 5A, 9A] {JMP 0xffffffff9a5a1e58}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Bonjour\mDNSResponder.exe[112] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[112] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[112] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[112] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[112] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[112] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[112] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[112] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[112] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[112] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[112] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[112] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe[280] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe[280] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe[280] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe[280] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe[280] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe[280] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe[280] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe[280] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe[280] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe[280] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe[280] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe[280] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[312] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[312] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[312] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[312] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[312] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[312] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[312] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[312] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[312] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[312] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[312] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[312] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[316] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[316] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[316] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[316] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[316] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[316] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[316] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[316] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[316] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[316] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[316] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[316] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\csrss.exe[412] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 75501BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\csrss.exe[412] ntdll.dll!NtReplyWaitReceivePort 773A6418 5 Bytes JMP 75501450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\csrss.exe[412] ntdll.dll!NtReplyWaitReceivePortEx 773A6428 5 Bytes JMP 755017F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!RegisterRawInputDevices 76025B52 5 Bytes JMP 10018E60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SystemParametersInfoA 760280E0 7 Bytes JMP 1001C5F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SetParent 76028314 5 Bytes JMP 100188E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!EnableWindow 76028D02 5 Bytes JMP 10017E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!MoveWindow 76028D29 5 Bytes JMP 10018B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!GetAsyncKeyState 7602A256 5 Bytes JMP 10019080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!RegisterHotKey 7602AA19 5 Bytes JMP 100180A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!PostThreadMessageA 7602AD09 5 Bytes JMP 1001B8E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SendMessageA 7602AD60 5 Bytes JMP 1001B3A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!PostMessageA 7602B446 5 Bytes JMP 1001BE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SendNotifyMessageW 7602C88A 5 Bytes JMP 1001A0C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SystemParametersInfoW 7602E09A 7 Bytes JMP 1001C3D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SetWindowsHookExW 7602E30C 1 Byte [E9]
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 1001C810 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SendMessageTimeoutW 7602E459 5 Bytes JMP 1001AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!PostThreadMessageW 7602EEFC 5 Bytes JMP 1001B640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 1001C0C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!GetKeyState 76032B4D 5 Bytes JMP 10019330 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SendMessageCallbackW 76032F7B 5 Bytes JMP 1001A600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!PostMessageW 7603447B 5 Bytes JMP 1001BB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SendMessageW 76035539 5 Bytes JMP 1001B100 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!GetClipboardData 76042BA7 5 Bytes JMP 100182D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SendNotifyMessageA 7604493C 5 Bytes JMP 1001A360 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!mouse_event 76046209 5 Bytes JMP 10029670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SetClipboardViewer 76046FF6 5 Bytes JMP 100186E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SendDlgItemMessageW 760470D8 5 Bytes JMP 10019B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SendDlgItemMessageA 76047241 5 Bytes JMP 10019E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!GetKeyboardState 76056946 5 Bytes JMP 100195E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!BlockInput 76056A99 5 Bytes JMP 100184E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 1001CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SendMessageTimeoutA 76056DA9 5 Bytes JMP 1001AE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SendInput 76057019 5 Bytes JMP 10019890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!ExitWindowsEx 760706C7 5 Bytes JMP 10017BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!keybd_event 7607EC3B 5 Bytes JMP 10029880 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SendMessageCallbackA 76083E8B 5 Bytes JMP 1001A8C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] GDI32.dll!BitBlt 761C72C0 5 Bytes JMP 100293E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] GDI32.dll!MaskBlt 761CC7AD 5 Bytes JMP 10029130 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] GDI32.dll!StretchBlt 761CF467 5 Bytes JMP 10028C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] GDI32.dll!PlgBlt 761E0F73 5 Bytes JMP 10028EA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[468] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\csrss.exe[480] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 75501BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\csrss.exe[480] ntdll.dll!NtReplyWaitReceivePort 773A6418 5 Bytes JMP 75501450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\csrss.exe[480] ntdll.dll!NtReplyWaitReceivePortEx 773A6428 5 Bytes JMP 755017F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[528] services.exe 00791608 4 Bytes [80, E1, 01, 10]
.text C:\Windows\system32\services.exe[528] services.exe 00791618 4 Bytes [60, DC, 01, 10]
.text C:\Windows\system32\services.exe[528] services.exe 00791638 4 Bytes [A0, E4, 01, 10]
.text C:\Windows\system32\services.exe[528] services.exe 00791648 4 Bytes [E0, DE, 01, 10] {LOOPNZ 0xffffffffffffffe0; ADD [EAX], EDX}
.text C:\Windows\system32\services.exe[528] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[528] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[528] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[528] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[528] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[528] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[528] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[528] RPCRT4.dll!RpcServerRegisterIfEx 763209BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[528] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[528] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[528] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[528] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[528] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[572] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[572] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[572] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[572] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[572] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[572] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[572] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[572] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[572] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[572] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[572] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[572] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[580] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[580] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[580] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[580] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[580] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[580] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[580] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[580] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[580] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[580] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[580] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[580] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] RPCRT4.dll!RpcServerRegisterIfEx 763209BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[692] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\cbInterface.exe[740] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\cbInterface.exe[740] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\cbInterface.exe[740] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\cbInterface.exe[740] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\cbInterface.exe[740] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\cbInterface.exe[740] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\cbInterface.exe[740] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\cbInterface.exe[740] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\cbInterface.exe[740] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\cbInterface.exe[740] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\cbInterface.exe[740] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\cbInterface.exe[740] advapi32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] RPCRT4.dll!RpcServerRegisterIfEx 763209BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] rpcss.dll!CoGetComCatalog 749F35EC 8 Bytes JMP ED501001
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] USER32.dll!SetWindowLongA 76028BA3 5 Bytes JMP 654A5EE6 C:\Program Files\Internet & Security\Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] USER32.dll!SetWindowLongW 76034449 5 Bytes JMP 654A5E78 C:\Program Files\Internet & Security\Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] USER32.dll!GetWindowInfo 76034B5E 5 Bytes JMP 65294822 C:\Program Files\Internet & Security\Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] USER32.dll!TrackPopupMenu 76042228 5 Bytes JMP 65294DD6 C:\Program Files\Internet & Security\Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\plugin-container.exe[804] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe[872] ntdll.dll!NtAllocateVirtualMemory 773A52D8 5 Bytes JMP 00533F00 C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe[872] ntdll.dll!NtCreateFile 773A55C8 5 Bytes JMP 0054D9A0 C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[936] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[936] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[936] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[936] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1056] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1056] RPCRT4.dll!RpcServerRegisterIfEx 763209BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1056] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1056] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1056] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1056] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1104] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1104] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1104] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1104] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1104] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1104] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1104] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1104] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1104] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1104] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1104] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1104] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1216] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1216] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1216] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1216] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1336] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1336] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1336] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1336] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1336] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1336] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1336] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1336] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1336] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1336] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1336] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1336] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] kernel32.dll!CreateProcessA


Edited by stsa84, 11 May 2012 - 01:03 PM.




#2 stsa84

stsa84
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:11:31 AM

Posted 11 May 2012 - 09:38 AM

75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1472] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1472] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1472] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1472] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1472] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1472] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1472] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1472] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1472] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1472] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1472] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[1472] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1616] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1616] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1616] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1616] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1616] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1616] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1616] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1616] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1616] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1616] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1616] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1616] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe[1648] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe[1648] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe[1648] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe[1648] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe[1648] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe[1648] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe[1648] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe[1648] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe[1648] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe[1648] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe[1648] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe[1648] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1656] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1656] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1656] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1656] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1656] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1656] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1656] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1656] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1656] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1656] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1656] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1656] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1704] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1704] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1704] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1704] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1704] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1704] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1704] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1704] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1704] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1704] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1704] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[1704] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1716] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1716] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1716] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1716] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1716] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1716] RPCRT4.dll!RpcServerRegisterIfEx 763209BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1716] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1716] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1716] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1716] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1952] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1952] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1952] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1952] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1952] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1952] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1952] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1952] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1952] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1952] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1952] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1952] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe[1972] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe[1972] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe[1972] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe[1972] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe[1972] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe[1972] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe[1972] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe[1972] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe[1972] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe[1972] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe[1972] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe[1972] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2004] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2004] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2004] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2004] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2004] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2004] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2004] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3568] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3568] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3568] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3568] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3568] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3568] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3568] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3576] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3576] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3576] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3576] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3576] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3576] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3576] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3576] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3576] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3576] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3576] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3576] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3588] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3588] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3588] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3588] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3588] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3588] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3588] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3588] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3588] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3588] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3588] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[3588] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3648] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3648] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3648] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3648] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3648] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3648] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3648] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3648] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3648] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3648] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3648] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3648] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3692] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3692] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3692] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3692] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3692] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3692] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3692] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3692] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3692] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3692] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3692] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3692] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3704] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3704] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3704] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3704] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3704] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3704] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3704] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3704] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3704] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3704] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3704] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3704] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe[3720] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe[3720] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe[3720] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe[3720] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe[3720] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe[3720] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe[3720] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe[3720] ADVAPI32.DLL!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe[3720] GDI32.DLL!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe[3720] GDI32.DLL!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe[3720] GDI32.DLL!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe[3720] GDI32.DLL!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3840] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3840] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3840] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3840] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3840] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3840] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3840] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3840] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3840] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3840] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3840] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3840] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff 2\GMER\bzu3kmjs.exe[3848] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff 2\GMER\bzu3kmjs.exe[3848] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff 2\GMER\bzu3kmjs.exe[3848] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff 2\GMER\bzu3kmjs.exe[3848] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff 2\GMER\bzu3kmjs.exe[3848] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff 2\GMER\bzu3kmjs.exe[3848] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff 2\GMER\bzu3kmjs.exe[3848] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff 2\GMER\bzu3kmjs.exe[3848] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff 2\GMER\bzu3kmjs.exe[3848] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff 2\GMER\bzu3kmjs.exe[3848] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff 2\GMER\bzu3kmjs.exe[3848] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\AaronRach\Desktop\Slow Stuff 2\GMER\bzu3kmjs.exe[3848] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\Cobian.exe[3864] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\Cobian.exe[3864] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\Cobian.exe[3864] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\Cobian.exe[3864] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\Cobian.exe[3864] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\Cobian.exe[3864] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\Cobian.exe[3864] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\Cobian.exe[3864] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\Cobian.exe[3864] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\Cobian.exe[3864] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\Cobian.exe[3864] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cobian Backup 11\Cobian.exe[3864] advapi32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!NtAllocateVirtualMemory 773A52D8 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!NtCreateFile 773A55C8 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!NtCreateProcess 773A5698 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!NtCreateProcessEx 773A56A8 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!NtDeleteFile 773A5808 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!NtFreeVirtualMemory 773A59D8 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!NtLoadDriver 773A5B58 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!NtOpenFile 773A5CD8 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!NtProtectVirtualMemory 773A5F18 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!NtSetInformationProcess 773A6678 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!NtUnloadDriver 773A6958 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!NtWriteVirtualMemory 773A6A98 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!KiUserExceptionDispatcher 773A6FE8 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!RtlAllocateHeap 773B2D66 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!LdrGetProcedureAddress 773C2213 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 6511C930 C:\Program Files\Internet & Security\Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!CopyFileW 75CE6AF7 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!CopyFileExW 75CEB238 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!DeleteFileW 75CF16EF 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!VirtualProtect 75CF2BCD 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!DeleteFileA 75CF4382 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!LoadLibraryExA 75CF4466 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!LoadLibraryExW 75CF5079 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!MoveFileWithProgressW 75CF8D8C 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!MoveFileExW 75CF8DB0 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!MapViewOfFile 75CF93DB 5 Bytes JMP 6534E083 C:\Program Files\Internet & Security\Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!VirtualAlloc 75CFC43A 5 Bytes JMP 6534E0AA C:\Program Files\Internet & Security\Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!GetProcAddress 75CFCC94 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!GetModuleHandleW 75CFCCAC 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!GetModuleHandleA 75CFD8F3 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!LoadLibraryA 75CFDC65 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!CreateFileW 75CFE8A5 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!CreateFileA 75CFEA61 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!LoadLibraryW 75CFEF42 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!OpenFile 75D0D54F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!MoveFileExA 75D13F78 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!MoveFileWithProgressA 75D13F98 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!CopyFileA 75D16D5A 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!MoveFileW 75D16ED6 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!MoveFileA 75D3BF49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!CopyFileExA 75D3CDA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!WinExec 75D3EDB2 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] kernel32.dll!LoadModule 75D3F29D 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] GDI32.dll!CreateDIBSection 761C8850 5 Bytes JMP 6534E00D C:\Program Files\Internet & Security\Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] WININET.dll!InternetConnectW 75BD492D 5 Bytes JMP 1002A900 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet & Security\Firefox\firefox.exe[4960] WININET.dll!InternetConnectA 75BD49EA 5 Bytes JMP 1002A920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[5260] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[5260] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[5260] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[5260] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[5260] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[5260] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[5260] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[5260] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[5260] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[5260] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[5260] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[5260] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5276] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5276] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5276] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5276] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5276] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5276] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5276] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5276] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5276] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5276] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5276] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[5276] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[5720] ntdll.dll!NtAlpcSendWaitReceivePort 773A5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[5720] ntdll.dll!NtClose 773A54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[5720] ntdll.dll!LdrUnloadDll 773BC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[5720] ntdll.dll!LdrLoadDll 773C223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[5720] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[5720] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[5720] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[5720] ADVAPI32.dll!CreateProcessAsUserA 75A82538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[5720] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[5720] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[5720] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[5720] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Edited by stsa84, 11 May 2012 - 01:05 PM.


#3 Gammo


Posted 11 May 2012 - 03:47 PM

We need to create an OTL Report
Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Under the Custom Scan box, paste this in:

    c:\programdata\Windows\*.* /s
    c:\programdata\Windows\*. /s


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

Edited by Gammo, 11 May 2012 - 03:51 PM.


Please post the final results, good or bad. We like to know!


#4 stsa84


Posted 11 May 2012 - 05:09 PM

OTL.txt:

OTL logfile created on: 5/11/2012 5:52:38 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\AaronRach\Desktop\Slow Stuff 2\OTL
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 50.87% Memory free
5.98 Gb Paging File | 4.01 Gb Available in Paging File | 67.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 9.69 Gb Free Space | 9.92% Space Free | Partition Type: NTFS
Drive D: | 600.97 Gb Total Space | 88.11 Gb Free Space | 14.66% Space Free | Partition Type: NTFS
Drive G: | 7.45 Gb Total Space | 1.71 Gb Free Space | 22.95% Space Free | Partition Type: FAT32
Drive X: | 1863.01 Gb Total Space | 1697.94 Gb Free Space | 91.14% Space Free | Partition Type: NTFS
Drive Z: | 186.31 Gb Total Space | 186.20 Gb Free Space | 99.94% Space Free | Partition Type: NTFS

Computer Name: AARONRACH-PC | User Name: AaronRach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/11 16:47:14 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\AaronRach\Desktop\Slow Stuff 2\OTL\OTL.exe
PRC - [2012/05/06 00:13:32 | 004,478,976 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files\Cobian Backup 11\cbInterface.exe
PRC - [2012/05/06 00:13:20 | 000,720,896 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files\Cobian Backup 11\Cobian.exe
PRC - [2012/05/05 10:44:47 | 000,932,528 | ---- | M] () -- C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/05/04 14:00:24 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Internet & Security\Firefox\firefox.exe
PRC - [2012/05/04 14:00:24 | 000,016,824 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Internet & Security\Firefox\plugin-container.exe
PRC - [2012/05/01 12:48:04 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 17:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/11/10 06:54:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Internet & Security\Java\bin\javaw.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/11 11:27:42 | 015,490,560 | ---- | M] () -- C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/21 12:12:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/04/01 01:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/10 16:36:16 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/10 16:36:16 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/05/10 15:50:07 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/05/10 15:50:07 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/05/08 19:20:14 | 000,099,840 | ---- | M] () -- C:\ProgramData\Windows\wsse.dll
MOD - [2012/05/05 10:44:47 | 000,932,528 | ---- | M] () -- C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/05/04 23:26:03 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/05/04 14:00:24 | 001,952,696 | ---- | M] () -- C:\Program Files\Internet & Security\Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/11 11:27:44 | 000,159,744 | ---- | M] () -- C:\Users\AaronRach\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
MOD - [2011/08/11 11:27:44 | 000,069,632 | ---- | M] () -- C:\Users\AaronRach\AppData\Local\Autobahn\rt\bin\java.dll
MOD - [2011/08/11 11:27:42 | 015,490,560 | ---- | M] () -- C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe
MOD - [2011/08/11 11:27:40 | 000,126,976 | ---- | M] () -- C:\Users\AaronRach\AppData\Local\Autobahn\rt\bin\zip.dll
MOD - [2011/08/11 11:27:40 | 000,020,480 | ---- | M] () -- C:\Users\AaronRach\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/30 18:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)
SRV - [2012/05/04 23:26:03 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/04 14:00:24 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/07/21 12:12:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/01 01:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/05/24 10:36:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\AARONR~1\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\AARONR~1\AppData\Local\Temp\axloquog.sys -- (axloquog)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\AARONR~1\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/11 17:13:36 | 000,039,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 17:13:35 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/12/19 14:59:14 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/21 12:15:21 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/21 12:15:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/01 01:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUVC.sys -- (LVUVC) Logitech HD Webcam C510(UVC)
DRV - [2011/04/01 01:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/04/01 01:07:52 | 000,020,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/24 10:08:40 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1663999645-1753415249-2289976430-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1663999645-1753415249-2289976430-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1663999645-1753415249-2289976430-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB B0 C4 13 E1 2E CD 01 [binary data]
IE - HKU\S-1-5-21-1663999645-1753415249-2289976430-1001\..\SearchScopes,DefaultScope = {61B0FFB4-5E88-4E00-AD97-5C9E6FF24CD7}
IE - HKU\S-1-5-21-1663999645-1753415249-2289976430-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1663999645-1753415249-2289976430-1001\..\SearchScopes\{61B0FFB4-5E88-4E00-AD97-5C9E6FF24CD7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1663999645-1753415249-2289976430-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1663999645-1753415249-2289976430-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Internet & Security\Picasa\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Internet & Security\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Internet & Security\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Internet & Security\Firefox\components [2012/05/04 14:00:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Internet & Security\Firefox\plugins [2012/01/01 14:16:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/12/01 10:38:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2010/05/23 23:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AaronRach\AppData\Roaming\Mozilla\Extensions
[2012/05/03 22:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AaronRach\AppData\Roaming\Mozilla\Firefox\Profiles\5pogyt5f.default\extensions
[2012/01/01 17:29:54 | 000,000,929 | ---- | M] () -- C:\Users\AaronRach\AppData\Roaming\Mozilla\Firefox\Profiles\5pogyt5f.default\searchplugins\conduit.xml
[2012/01/06 16:09:21 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\AARONRACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5POGYT5F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/22 22:13:47 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\AARONRACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5POGYT5F.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI

O1 HOSTS File: ([2011/09/17 15:01:45 | 000,000,760 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Internet & Security\Java\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Internet & Security\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Internet & Security\Adobe\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1663999645-1753415249-2289976430-1001..\Run: [Adobe Reader Synchronizer] C:\Program Files\Internet & Security\Adobe\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1663999645-1753415249-2289976430-1001..\Run: [Spotify Web Helper] C:\Users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-1663999645-1753415249-2289976430-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\AaronRach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\AaronRach\AppData\Local\Autobahn\nexdef.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4BF82F0-8DE4-44D1-8287-C3F0503DC511}: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/29 19:02:49 | 000,000,000 | RH-D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/11 09:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 11
[2012/05/10 21:04:57 | 000,000,000 | ---D | C] -- C:\Users\AaronRach\Desktop\Slow Stuff 2
[2012/05/10 15:49:57 | 000,000,000 | ---D | C] -- C:\Users\AaronRach\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/10 15:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/10 15:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/10 15:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/10 15:40:16 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/10 15:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/08 19:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
[2012/05/04 14:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/04 14:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/27 19:53:26 | 000,000,000 | ---D | C] -- C:\Users\AaronRach\.autobahn
[2012/04/27 19:53:14 | 000,000,000 | ---D | C] -- C:\Users\AaronRach\AppData\Local\Autobahn
[2012/04/20 19:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/04/15 20:44:38 | 000,000,000 | ---D | C] -- C:\Users\AaronRach\.dvdcss

========== Files - Modified Within 30 Days ==========

[2012/05/11 17:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/11 17:23:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/11 12:00:28 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 12:00:28 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 11:37:25 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/11 06:42:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/10 16:35:05 | 2407,653,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/27 19:53:24 | 000,001,082 | ---- | M] () -- C:\Users\AaronRach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
[2012/04/24 09:53:46 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/24 09:53:46 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/22 20:15:29 | 003,142,690 | ---- | M] () -- C:\Users\AaronRach\Desktop\Humana Appication.pdf

========== Files Created - No Company Name ==========

[2012/04/27 19:53:24 | 000,001,082 | ---- | C] () -- C:\Users\AaronRach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
[2012/04/22 20:15:29 | 003,142,690 | ---- | C] () -- C:\Users\AaronRach\Desktop\Humana Appication.pdf
[2011/06/09 07:46:32 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/01 01:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 01:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 01:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 00:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/01/26 19:57:15 | 000,012,288 | ---- | C] () -- C:\Users\AaronRach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/15 14:30:21 | 000,007,592 | ---- | C] () -- C:\Users\AaronRach\AppData\Local\Resmon.ResmonCfg
[2010/12/26 20:15:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/24 21:46:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/24 00:13:29 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/05/24 00:09:56 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/05/23 23:49:10 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== LOP Check ==========

[2011/04/21 09:26:29 | 000,000,000 | ---D | M] -- C:\Users\AaronRach\AppData\Roaming\Advanced Chemistry Development
[2010/12/16 19:48:50 | 000,000,000 | ---D | M] -- C:\Users\AaronRach\AppData\Roaming\Amazon
[2011/01/25 09:32:55 | 000,000,000 | ---D | M] -- C:\Users\AaronRach\AppData\Roaming\Canon
[2012/03/31 16:14:23 | 000,000,000 | ---D | M] -- C:\Users\AaronRach\AppData\Roaming\FlashGet
[2010/10/22 18:42:54 | 000,000,000 | ---D | M] -- C:\Users\AaronRach\AppData\Roaming\HamsterSoft
[2010/12/26 18:29:40 | 000,000,000 | ---D | M] -- C:\Users\AaronRach\AppData\Roaming\Leadertech
[2010/10/19 17:58:39 | 000,000,000 | ---D | M] -- C:\Users\AaronRach\AppData\Roaming\mkvtoolnix
[2010/12/18 17:34:16 | 000,000,000 | ---D | M] -- C:\Users\AaronRach\AppData\Roaming\PMS
[2012/01/27 11:52:40 | 000,000,000 | ---D | M] -- C:\Users\AaronRach\AppData\Roaming\redsn0w
[2012/05/09 16:21:42 | 000,000,000 | ---D | M] -- C:\Users\AaronRach\AppData\Roaming\Spotify
[2010/07/05 22:43:47 | 000,000,000 | ---D | M] -- C:\Users\AaronRach\AppData\Roaming\StreamTorrent
[2010/06/22 23:37:38 | 000,000,000 | ---D | M] -- C:\Users\AaronRach\AppData\Roaming\Xi
[2011/09/17 15:19:13 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< c:\programdata\Windows\*.* /s >
[2012/05/09 07:13:31 | 001,378,416 | ---- | M] () -- c:\programdata\Windows\dumd.dat
[2012/05/08 19:20:14 | 000,099,840 | ---- | M] () -- c:\programdata\Windows\wsse.dll
[2012/05/08 19:20:14 | 000,303,104 | ---- | M] () -- c:\programdata\Windows\xdor.dat

< c:\programdata\Windows\*. /s >

< End of report >


Extra.txt

OTL Extras logfile created on: 5/11/2012 5:52:38 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\AaronRach\Desktop\Slow Stuff 2\OTL
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 50.87% Memory free
5.98 Gb Paging File | 4.01 Gb Available in Paging File | 67.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 9.69 Gb Free Space | 9.92% Space Free | Partition Type: NTFS
Drive D: | 600.97 Gb Total Space | 88.11 Gb Free Space | 14.66% Space Free | Partition Type: NTFS
Drive G: | 7.45 Gb Total Space | 1.71 Gb Free Space | 22.95% Space Free | Partition Type: FAT32
Drive X: | 1863.01 Gb Total Space | 1697.94 Gb Free Space | 91.14% Space Free | Partition Type: NTFS
Drive Z: | 186.31 Gb Total Space | 186.20 Gb Free Space | 99.94% Space Free | Partition Type: NTFS

Computer Name: AARONRACH-PC | User Name: AaronRach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1663999645-1753415249-2289976430-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Internet & Security\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D950DAE-0316-43C8-9076-B78277EF7BE5}" = lport=445 | protocol=6 | dir=in | app=system |
"{24C21555-D798-49F5-881F-075EDACADABC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3712D5F8-D5FD-491C-ADF6-1BC93490CC5C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3F7B8117-24D2-4B90-BB01-327DA9FFC37C}" = rport=138 | protocol=17 | dir=out | app=system |
"{4F29891C-6F74-4ED3-B88D-E4721175BEC1}" = lport=137 | protocol=17 | dir=in | app=system |
"{5119D271-16B4-433D-B269-771996D9A7E3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5CA4DF96-8CFC-425D-AB86-97EEA3F3BD80}" = lport=10243 | protocol=6 | dir=in | app=system |
"{743FEA27-D9B8-499D-A799-70DCE0A0A0C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8037A791-F7A5-4C09-A8C7-68B8B164F4F7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8F96787C-26B6-44EC-B8D8-263095AB606C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C23249D-BB26-41FE-AC82-5C34D1D0074A}" = lport=138 | protocol=17 | dir=in | app=system |
"{9C5FA7D2-3CCE-4BD5-B9DA-BFB32A83A6BE}" = rport=445 | protocol=6 | dir=out | app=system |
"{9E8B71FC-E8BF-46B5-B51B-36B765D313C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1A44907-0FB0-49EF-AB87-871D232D121C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC87DDB2-66B7-4D84-8A9B-39CE28149869}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BCE60F81-0FB6-4F25-955A-47B587055BA7}" = rport=137 | protocol=17 | dir=out | app=system |
"{C082A60A-ADDF-4737-BF08-E779538B1C31}" = rport=139 | protocol=6 | dir=out | app=system |
"{C96F1105-2254-4279-B9D3-33D98E0B1F07}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D3051927-0947-475D-8259-F3005F6CD345}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D3685153-9AD3-4AD6-82E2-DA1E2AFD2722}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7B568BE-05F5-4731-8B0B-B3259D74CA1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F9BFE12B-8D1B-4AF4-A681-A77EB117FBC9}" = lport=139 | protocol=6 | dir=in | app=system |
"{FC037C67-E9CB-49BA-8F05-588A586D4776}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15AC1C42-C80D-4E9F-BC6D-E4368F4F1CD2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{182C9926-101A-474F-BBED-F67D92CFED32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1EEED983-6DD8-4B4B-B307-87B5FB63C8D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27E5456E-D2FD-48AC-957C-E70D02334F0B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2EE995AA-8A77-461C-B6BE-BA26D133E394}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{31C4352C-97D3-42B5-8F6A-7F9802036FBC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A21AF55-BC27-4154-99DE-C80CE65AC1CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{40FFAA27-77B1-4DF3-8D71-9BE0DF07D505}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{437DA793-8CEF-4E60-A2C2-A68605429C0A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5E34525C-4E75-4909-8D91-17F11E59A626}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6B1F60B3-686A-4814-9EC7-B59041788798}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{774F0F41-6731-4730-BE2C-F4D8497DFBF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8123A45A-B885-4276-BF93-352D4082E04D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8247FC06-7873-46F6-BE91-1C2380AE48D1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{927338AC-9CD1-4C32-9D9C-FA110DE8B14E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94594F8E-589C-4330-9610-7C8F83096A2A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9740EBAA-E332-479F-9E18-73041C6ACF9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AFC80522-D4FF-40D0-9735-8B1B90E9F311}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BC97BBF1-3A13-4495-896C-9E20DF0DA2D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D3E35C9A-51B6-4613-A4EF-76EA9E3AA867}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D4D9E638-A419-4D0D-8718-91512E74D53F}" = protocol=6 | dir=out | app=system |
"{E71A4A06-C62C-44D4-8222-982D6BA0A267}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 30
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.09.16
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Canon MP495 series User Registration" = Canon MP495 series User Registration
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CobBackup11" = Cobian Backup 11 Gravity
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivX Setup" = DivX Setup
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.0 (Basic)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Matroska Pack" = Matroska Pack
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Firefox 4.0b8 (x86 en-US)" = Mozilla Firefox 4.0b8 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"PS3 Media Server" = PS3 Media Server
"Spotify" = Spotify
"StreamTorrent 1.0" = StreamTorrent 1.0
"TVWiz" = Intel® TV Wizard
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1663999645-1753415249-2289976430-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2012 1:27:06 AM | Computer Name = AaronRach-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 37503

Error - 5/10/2012 1:27:06 AM | Computer Name = AaronRach-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 37503

Error - 5/10/2012 1:27:07 AM | Computer Name = AaronRach-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/10/2012 1:27:07 AM | Computer Name = AaronRach-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 38502

Error - 5/10/2012 1:27:07 AM | Computer Name = AaronRach-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 38502

Error - 5/10/2012 9:38:58 AM | Computer Name = AaronRach-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 12.0.0.4493,
time stamp: 0x4f920759 Faulting module name: coreclr.dll, version: 4.1.10111.0,
time stamp: 0x4f0e0e4f Exception code: 0xc00000fd Fault offset: 0x000157a0 Faulting
process id: 0xafc Faulting application start time: 0x01cd2eb2223136fa Faulting application
path: C:\Program Files\Internet & Security\Firefox\plugin-container.exe Faulting
module path: C:\Program Files\Microsoft Silverlight\4.1.10111.0\coreclr.dll Report
Id: 7e3b8c47-9aa5-11e1-861c-00241d188131

Error - 5/11/2012 12:33:09 AM | Computer Name = AaronRach-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 5/11/2012 3:14:48 AM | Computer Name = AaronRach-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/11/2012 3:14:48 AM | Computer Name = AaronRach-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15647

Error - 5/11/2012 3:14:48 AM | Computer Name = AaronRach-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15647

[ System Events ]
Error - 9/16/2011 11:43:45 AM | Computer Name = AaronRach-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2011 11:43:45 AM | Computer Name = AaronRach-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2011 11:43:45 AM | Computer Name = AaronRach-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2011 11:43:48 AM | Computer Name = AaronRach-PC | Source = DCOM | ID = 10005
Description =

Error - 9/16/2011 11:43:48 AM | Computer Name = AaronRach-PC | Source = DCOM | ID = 10005
Description =

Error - 9/16/2011 11:43:49 AM | Computer Name = AaronRach-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 9/16/2011 11:43:50 AM | Computer Name = AaronRach-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2011 11:43:50 AM | Computer Name = AaronRach-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2011 11:43:50 AM | Computer Name = AaronRach-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2011 11:56:47 AM | Computer Name = AaronRach-PC | Source = DCOM | ID = 10005
Description =


< End of report >

#5 Gammo

Posted 11 May 2012 - 05:41 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2012/05/08 19:20:14 | 000,099,840 | ---- | M] () -- C:\ProgramData\Windows\wsse.dll
    [2012/01/01 17:29:54 | 000,000,929 | ---- | M] () -- C:\Users\AaronRach\AppData\Roaming\Mozilla\Firefox\Profiles\5pogyt5f.default\searchplugins\conduit.xml
    [2012/05/08 19:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Please post the final results, good or bad. We like to know!
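
The fix script in the post above removes a loaded module that has an empty company field and sits in a ProgramData folder created eleven seconds before the file's timestamp. The following is an added example, not part of the thread and not OTL's own code, that parses OTL-style file lines and flags entries with those traits; the path prefixes, extension list, five-minute window and the `guard32.dll` sample line are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from ntpath import dirname, normcase  # Windows path rules on any OS

# OTL file line: [timestamp | size | attrs | M/C] (company) -- path
# Directory lines carry no "(company)" field, as in the fix script above.
LINE_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Assumptions of this example, not rules taken from OTL.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")
EXEC_EXT = (".dll", ".exe", ".sys", ".scr")

SAMPLE = [
    # The three entries from the fix script in this thread.
    r"MOD - [2012/05/08 19:20:14 | 000,099,840 | ---- | M] () -- C:\ProgramData\Windows\wsse.dll",
    r"[2012/01/01 17:29:54 | 000,000,929 | ---- | M] () -- C:\Users\AaronRach\AppData\Roaming\Mozilla\Firefox\Profiles\5pogyt5f.default\searchplugins\conduit.xml",
    r"[2012/05/08 19:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows",
    # Constructed line for contrast: a vendor-labelled DLL in System32.
    r"MOD - [2012/03/11 21:13:00 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll",
]


def parse(line):
    """Return a dict for one OTL file/folder line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
    entry["is_dir"] = "D" in entry["attrs"]
    entry["path"] = entry["path"].strip()
    return entry


def triage(lines, window=timedelta(minutes=5)):
    """Flag executables with an empty company field in user-writable paths."""
    entries = [e for e in map(parse, lines) if e]
    # Folder creation times, keyed by case-folded path.
    created = {normcase(e["path"]): e["ts"]
               for e in entries if e["is_dir"] and e["kind"] == "C"}
    findings = []
    for e in entries:
        path = normcase(e["path"])
        if e["is_dir"] or e["company"] != "":
            continue  # folders and vendor-labelled files are skipped
        if not (path.endswith(EXEC_EXT) and path.startswith(USER_WRITABLE)):
            continue
        reasons = ["empty company field", "executable in user-writable path"]
        made = created.get(dirname(path))
        if made is not None and abs(e["ts"] - made) <= window:
            gap = abs((e["ts"] - made).total_seconds())
            reasons.append("parent folder created %ds from file timestamp" % gap)
        findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path, "->", "; ".join(reasons))
```

A hit is a lead for a human reviewer, not a verdict: legitimate software also ships modules without version information.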


#6 stsa84

Posted 11 May 2012 - 06:55 PM

OTL scan complete. ComboFix scan complete, log below.

Symptoms seem to be gone! USAA login page is normal, Amazon searches don't bring a pop-up asking for my info (just discovered this afternoon that that was a problem as well). How does everything look?

ComboFix:

ComboFix 12-05-11.03 - AaronRach 05/11/2012 19:37:04.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3061.1689 [GMT -4:00]
Running from: c:\users\AaronRach\Desktop\Slow Stuff 2\ComboFix\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))
.
.
2012-05-11 23:47 . 2012-05-11 23:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-11 23:18 . 2012-05-11 23:18 -------- d-----w- C:\_OTL
2012-05-11 13:23 . 2012-05-11 13:23 -------- d-----w- c:\program files\Cobian Backup 11
2012-05-10 19:49 . 2012-05-10 19:49 -------- d-----w- c:\users\AaronRach\AppData\Roaming\SUPERAntiSpyware.com
2012-05-10 19:49 . 2012-05-10 19:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-10 19:49 . 2012-05-10 19:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-10 19:40 . 2012-05-10 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-10 19:40 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-04 18:00 . 2012-05-04 18:00 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-27 23:53 . 2012-04-27 23:53 -------- d-----w- c:\users\AaronRach\.autobahn
2012-04-27 23:53 . 2012-04-27 23:53 -------- d-----w- c:\users\AaronRach\AppData\Local\Autobahn
2012-04-16 00:44 . 2012-04-16 00:44 -------- d-----w- c:\users\AaronRach\.dvdcss
2012-04-12 07:05 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:05 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:05 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:05 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 03:26 . 2012-04-10 23:19 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 03:26 . 2011-05-13 23:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-11 21:13 . 2010-04-09 05:25 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2010-04-09 05:25 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2010-04-09 05:25 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-11-21 05:07 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2010-04-09 05:26 301224 ----a-w- c:\windows\system32\guard32.dll
2012-02-28 05:38 . 2012-04-11 14:09 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52 . 2012-04-11 14:09 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-17 05:34 . 2012-03-14 05:42 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 05:42 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 05:42 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01 . 2012-02-15 16:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Synchronizer"="c:\program files\Internet & Security\Adobe\Reader\AdobeCollabSync.exe" [2011-06-07 550360]
"Spotify Web Helper"="c:\users\AaronRach\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-05 932528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\Internet & Security\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-26 8546848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Adobe Reader Speed Launcher"="c:\program files\Internet & Security\Adobe\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"avgnt"="c:\program files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\AaronRach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NexDef Plug-in.lnk - c:\users\AaronRach\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-31 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-31 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 491816]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 39640]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Internet & Security\Avira Antivirus\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2011-04-01 20448]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 03:26]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-31 15:18]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-31 15:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\AaronRach\AppData\Roaming\Mozilla\Firefox\Profiles\5pogyt5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AC3Filter_is1 - c:\program files\Drivers
AddRemove-Audacity_is1 - c:\program files\Drivers
AddRemove-AVS Update Manager_is1 - c:\program files\AVS4YOU\AVSUpdateManager\unins000.exe
AddRemove-AVS4YOU Software Navigator_is1 - c:\program files\AVS4YOU\AVSSoftwareNavigator\unins000.exe
AddRemove-HaaliMkx - c:\program files\Drivers
AddRemove-KLiteCodecPack_is1 - c:\program files\Drivers
AddRemove-Matroska Pack - c:\program files\Drivers
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(5328)
c:\windows\system32\guard32.dll
.
Completion time: 2012-05-11 19:49:23
ComboFix-quarantined-files.txt 2012-05-11 23:49
.
Pre-Run: 18,767,720,448 bytes free
Post-Run: 18,581,839,872 bytes free
.
- - End Of File - - 0F60993A8EFE4E50DE2F75A7DEE822D5

#7 Gammo

Posted 12 May 2012 - 05:17 AM

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Google Chrome and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:

Please post the final results, good or bad. We like to know!


#8 stsa84

Posted 12 May 2012 - 08:33 AM

You guys rock, yet again. Thanks so much Gammo!



