Inactive Win32 pup gen and win32 malware gen

[Inactive] Win32 pup gen and win32 malware gen

My son downloaded a keylogger, he must have figured out how to disable my real time protection. Upon starting my system Avast reported finding the win32 pup gen and sent it to the virus chest. In further checking my system aswMBR detected the win32 malware gen.

Following are the logs requested in the forum posting rules. Your help will be very much appreciated.

 

mbam

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.06.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-DC05388A1 [administrator]

10/6/2012 1:29:22 PM
mbam-log-2012-10-06 (13-29-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181277
Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

gmer 1

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-06 15:06:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BD-08LRA0 rev.07.01D07
Running: cr4u4iu4.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwxcrfob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA840A708]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA86EF824]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA84DD7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA840B11C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA844C401]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xA86EEDD0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA8415F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA8415F74]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xA86EF48A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA84160F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA844BDB5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA8415E96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA8415FB8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA8415EDE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA86F1FA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA840B310]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA84160B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA840BA9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA840A756]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA844CAC7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA844CD7D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA840F0E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA844C932]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA844C79D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA84DD8AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA840A3BE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xA86EF098]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA840A7A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA840F456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA840C464]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA8415F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA8415F96]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xA86EF666]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA841611A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA844C111]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA8415EBC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA840EC5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA841603A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA8415F06]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA840EE8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA84160D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA84DDA2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA844C618]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xA86F10E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA840C330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA844C46A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA840BEDA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA84E930E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA844B428]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA840A7F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA840A840]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA840B91C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xA86EFE76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA840A448]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA840A5F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA844CBCE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA840A59E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA840BBFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA840BD5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA840A668]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA840B632]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA840B794]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA840A88E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA840B160]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA84F5966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C68 80504520 16 Bytes [28, 5F, 41, A8, 74, 5F, 41, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CA4 8050455C 20 Bytes [B8, 5F, 41, A8, DE, 5E, 41, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DA4 8050465C 16 Bytes [52, 5F, 41, A8, 96, 5F, 41, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 805047E0 12 Bytes [F2, A7, 40, A8, 40, A8, 40, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 80504888 12 Bytes [FE, BB, 40, A8, 5A, BD, 40, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL A840CAF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP A84F2806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP A84F4320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP A84F596A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP A8410A6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP A841095E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP A8410918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C57B 5 Bytes JMP A840FFCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240EB 5 Bytes JMP A840F6E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A55 5 Bytes JMP A8410BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8314A0 5 Bytes JMP A8410DE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839ED7 5 Bytes JMP A841081E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851765 5 Bytes JMP A840F5AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC8A 5 Bytes JMP A841008C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2F4 5 Bytes JMP A840FB40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E37F 5 Bytes JMP A840FE06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5F0 5 Bytes JMP A840F592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649BF 5 Bytes JMP A84109A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35FB BF8731B9 5 Bytes JMP A840FC00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4138 BF873CF6 5 Bytes JMP A840FDC0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890DF1 5 Bytes JMP A84100A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89439B 5 Bytes JMP A8410B20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894E73 5 Bytes JMP A8410D3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C226 5 Bytes JMP A840FFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D7BB 5 Bytes JMP A840F756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E8 BF8C1D00 5 Bytes JMP A840F866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA191 5 Bytes JMP A840F93E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA411 5 Bytes JMP A840FA6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B33 BF8EBDCC 5 Bytes JMP A840F48C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB47 BF8F4DE0 5 Bytes JMP A840FFE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A2F BF9142F4 5 Bytes JMP A840F682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2603 BF914EC8 5 Bytes JMP A840F812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F7C BF917841 5 Bytes JMP A840FF20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1947 BF947973 5 Bytes JMP A8410C96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Java\jre7\bin\jqs.exe[252] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[252] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Java\jre7\bin\jqs.exe[252] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[252] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[252] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[252] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[252] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[252] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[252] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[252] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxtray.exe[300] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 0038D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxtray.exe[300] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [A8, 83] {TEST AL, 0x83}
.text C:\WINDOWS\system32\igfxtray.exe[300] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0039BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxtray.exe[300] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0039B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxtray.exe[300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00397DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxtray.exe[300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxtray.exe[300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0038D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxtray.exe[300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00394F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxtray.exe[300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00395AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxtray.exe[300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\igfxtray.exe[300] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00398BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxtray.exe[300] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00398990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxtray.exe[300] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00399CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxtray.exe[300] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00399BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxtray.exe[300] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00393A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxtray.exe[300] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00394390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[416] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 0038D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[416] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [A8, 83] {TEST AL, 0x83}
.text C:\WINDOWS\system32\hkcmd.exe[416] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0039BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[416] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0039B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00397DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0038D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00394F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00395AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[416] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00398BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[416] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00398990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[416] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00399CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[416] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00399BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[416] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00393A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[416] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00394390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxpers.exe[428] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxpers.exe[428] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\igfxpers.exe[428] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxpers.exe[428] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxpers.exe[428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxpers.exe[428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[428] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxpers.exe[428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxpers.exe[428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxpers.exe[428] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[428] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxpers.exe[428] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxpers.exe[428] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxpers.exe[428] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxpers.exe[428] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\igfxpers.exe[428] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[436] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0077FC60 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[460] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 003AD080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [AA, 83]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 003BBB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 003BB860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003AD1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B4F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003B3A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 003B4390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 003B8BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 003B8990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003B9CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[472] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 003B9BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[492] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[492] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[492] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[492] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

 

gmer 2

.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1516] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1516] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1516] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1516] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1516] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1516] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1516] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1548] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1548] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\wscntfy.exe[1548] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1548] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1548] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1548] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1548] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1548] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1548] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1548] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1584] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1584] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1584] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1584] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1592] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1672] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1672] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1672] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1672] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1672] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1672] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1704] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1704] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\System32\svchost.exe[1704] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1704] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1704] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1704] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1704] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1704] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1704] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1704] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1704] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1704] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1704] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1752] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1752] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1752] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1752] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1752] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1920] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1920] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\Explorer.EXE[1920] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1920] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1920] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1920] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1920] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1920] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1920] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1920] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2116] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2116] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[2116] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2116] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2116] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2116] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2116] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2116] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2116] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2116] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2116] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\tvnserver.exe[2232] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 00B5D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [25, 84]
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00B6BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00B6B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B67DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00B5D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B64F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B65AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00B63A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00B64390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

 

gmer 3

.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00B68BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00B68990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00B69CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\GeekBuddy\unit.exe[2416] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00B69BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[3276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[3276] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[3276] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[3276] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[3276] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3276] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3276] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3276] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3276] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3276] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3276] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[3276] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[3276] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[3276] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[3276] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[3276] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[3276] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[3276] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3440] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\My Documents\Downloads\cr4u4iu4.exe[3464] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3620] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9E20750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9E20820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E207F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9E207B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9E207B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9E20820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9E20750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E207F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E207F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9E207B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9E20820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9E20750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9E207B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9E207F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9E20750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9E20820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9E20750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9E20820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9E207B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E207F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9E207B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9E20820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9E20750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9E207B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E207F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9E20750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

 

gmer 4

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9E20820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[436] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0065E500] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [0065DB60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [0065E580] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0065E480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0065E480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0065DB60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0065E480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [0065E580] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0065DB60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0065DB60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [0065E580] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0065DB60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [0065D2C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [0065E580] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0065E4C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0065E500] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0065E480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0065DB60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [0065D6C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [0065D750] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [0065D260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [0065DBF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [0065DCB0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [0065DEF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [0065D580] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [0065D620] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [0065DD70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject] [0065D2C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [0065E580] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0065E480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0065DB60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0065E500] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0065E4C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [0065E030] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [0065D6C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [0065DD70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [0065D260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [0065D750] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [0065DCB0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [0065D310] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect] [0065E170] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [0065E240] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [0065E1F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [0065DEF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0065D510] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [0065D580] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0065D400] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [0065D2C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0065E480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0065DB60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0065E500] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0065E4C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [0065DEF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSystemMetrics] [0065DD70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [0065D260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [0065D580] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [0065DCB0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [0065D750] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0065E480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [0065DB60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0065E480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0065E4C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateThread] [0065DB60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!GetSystemMetrics] [0065DD70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0065E4C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0065E500] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [0065DB60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [0065E580] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[452] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!GetSystemMetrics] [0065DD70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003A0002
IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003A0000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

 

MBR check

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-06 15:09:26
-----------------------------
15:09:26.140 OS Version: Windows 5.1.2600 Service Pack 3
15:09:26.140 Number of processors: 2 586 0x403
15:09:26.140 ComputerName: OWNER-DC05388A1 UserName: Owner
15:09:27.015 Initialize success
15:09:28.500 AVAST engine defs: 12100600
15:10:00.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:10:00.843 Disk 0 Vendor: WDC_WD400BD-08LRA0 07.01D07 Size: 38162MB BusType: 3
15:10:00.890 Disk 0 MBR read successfully
15:10:00.890 Disk 0 MBR scan
15:10:00.968 Disk 0 Windows XP default MBR code
15:10:00.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
15:10:01.015 Disk 0 scanning sectors +78140160
15:10:01.171 Disk 0 scanning C:\WINDOWS\system32\drivers
15:10:22.031 Service scanning
15:10:43.296 Modules scanning
15:11:19.015 Disk 0 trace - called modules:
15:11:19.031
15:11:19.375 AVAST engine scan C:\WINDOWS
15:11:38.828 AVAST engine scan C:\WINDOWS\system32
15:12:34.890 File: C:\WINDOWS\system32\hkcmd.exe **INFECTED** Win32:Malware-gen
15:17:51.656 AVAST engine scan C:\WINDOWS\system32\drivers
15:18:23.359 AVAST engine scan C:\Documents and Settings\Owner
15:23:16.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat "
15:23:16.078 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt "

 

MBR check

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Owner at 15:24:50 on 2012-10-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1113 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Disabled*
.
============== Running Processes ===============
.
C:\Program Files\Common Files\Comodo\launcher_service.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Comodo\tvnserver.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Comodo\tvnserver.exe
C:\Program Files\COMODO\GeekBuddy\unit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\aswMBR.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFre0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFre0.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFre0.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Akamai NetSession Interface] "c:\documents and settings\owner\local settings\application data\akamai\netsession_win.exe "
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
uRun: [freeklogger.exe] c:\program files\fk_monitor\freeklogger.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [tvncontrol] "c:\program files\common files\comodo\tvnserver.exe" -controlservice -slave
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279211060656
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{022A7DB0-61E1-4FAE-9FCB-BDF9D806F627} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\qrz7wzzr.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extentions.y2layers.installId - 805d5315-ddc9-4059-b9ea-f31496148051
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-1 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-1 355632]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2012-8-3 36112]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 31704]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-1 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-1 44808]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2012-8-23 70352]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-3-11 1983232]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 tvnserver;TightVNC Server;c:\program files\common files\comodo\tvnserver.exe [2012-1-27 828944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-14 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-14 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 114144]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-06 00:17:48 -------- d-----w- c:\documents and settings\owner\application data\FK_Monitor
2012-10-06 00:17:36 -------- d-----w- c:\program files\FK_Monitor
2012-10-05 22:28:13 -------- d-----w- c:\program files\Yontoo
2012-10-05 22:28:10 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2012-10-05 21:58:08 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2012-10-05 21:18:50 -------- d-----w- c:\windows\system32\winrm
2012-10-05 21:18:50 -------- d-----w- c:\windows\system32\GroupPolicy
2012-10-05 21:18:46 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-10-05 18:45:07 -------- d-----w- c:\program files\CCleaner
2012-10-05 18:11:55 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-05 18:11:55 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-05 18:11:45 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-05 18:00:20 -------- d-----w- c:\documents and settings\owner\application data\PriceGong
2012-10-05 17:40:57 -------- d-s-a-r- C:\cmdcons
2012-10-05 17:38:49 98816 ----a-w- c:\windows\sed.exe
2012-10-05 17:38:49 518144 ----a-w- c:\windows\SWREG.exe
2012-10-05 17:38:49 256000 ----a-w- c:\windows\PEV.exe
2012-10-05 17:38:49 208896 ----a-w- c:\windows\MBR.exe
2012-10-05 16:12:11 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-10-03 15:54:08 -------- d-----w- c:\documents and settings\owner\application data\WinPatrol
2012-10-03 15:53:37 -------- d-----w- c:\program files\BillP Studios
2012-10-03 15:53:36 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2012-10-03 05:38:54 -------- d-----w- c:\program files\common files\Comodo
2012-10-03 05:35:54 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA
2012-10-03 05:30:32 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2012-10-03 05:30:27 -------- d-----w- c:\program files\COMODO
2012-10-03 05:30:25 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-10-03 05:30:25 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-10-03 05:30:24 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-10-03 04:37:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-03 04:37:02 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-09-28 22:10:58 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-09-28 22:10:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-28 22:10:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 22:10:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-10-05 18:11:20 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-08-03 14:23:28 36112 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2012-08-03 14:23:28 36112 ----a-w- c:\windows\inf\lps-ca\cfrmd.sys
.
============= FINISH: 15:26:41.76 ===============

 

attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/15/2010 12:07:43 PM
System Uptime: 10/5/2012 8:35:27 PM (19 hours ago)
.
Motherboard: IBM | | IBM
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | LGA775/PSC/TJS | 2992/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 20.309 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP527: 9/12/2012 7:33:25 PM - System Checkpoint
RP528: 9/13/2012 3:00:17 AM - Software Distribution Service 3.0
RP529: 9/14/2012 3:09:27 AM - System Checkpoint
RP530: 9/15/2012 4:21:29 AM - System Checkpoint
RP531: 9/16/2012 4:33:29 AM - System Checkpoint
RP532: 9/17/2012 5:57:29 AM - System Checkpoint
RP533: 9/18/2012 5:57:59 AM - System Checkpoint
RP534: 9/19/2012 6:21:29 AM - System Checkpoint
RP535: 9/20/2012 7:21:29 AM - System Checkpoint
RP536: 9/21/2012 7:33:30 AM - System Checkpoint
RP537: 9/22/2012 3:00:14 AM - Software Distribution Service 3.0
RP538: 9/23/2012 3:21:42 AM - System Checkpoint
RP539: 9/24/2012 4:33:42 AM - System Checkpoint
RP540: 9/25/2012 4:45:42 AM - System Checkpoint
RP541: 9/26/2012 4:57:42 AM - System Checkpoint
RP542: 9/27/2012 5:21:42 AM - System Checkpoint
RP543: 9/28/2012 6:21:41 AM - System Checkpoint
RP544: 9/29/2012 6:27:53 AM - System Checkpoint
RP545: 9/30/2012 7:21:41 AM - System Checkpoint
RP546: 10/1/2012 7:33:41 AM - System Checkpoint
RP547: 10/2/2012 7:45:41 AM - System Checkpoint
RP548: 10/3/2012 8:00:45 AM - System Checkpoint
RP549: 10/4/2012 8:14:15 AM - System Checkpoint
RP550: 10/5/2012 8:48:47 AM - System Checkpoint
RP551: 10/5/2012 2:10:21 PM - Removed Java(TM) 6 Update 26
RP552: 10/5/2012 2:11:13 PM - Installed Java 7 Update 7
RP553: 10/5/2012 5:18:35 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Photoshop 6.0
Adobe Reader X (10.1.4)
Adobe SVG Viewer
Akamai NetSession Interface
Akamai NetSession Interface Service
avast! Free Antivirus
CCleaner
COMODO Internet Security
Free Sound Recorder v9.2.5
FreeSoundRecorder Toolbar
GeekBuddy
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Java 7 Update 7
Java Auto Updater
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
Professor Teaches HTML Fundamentals
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SoundMAX
Spybot - Search & Destroy
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wohiper
TurboTax 2011 wrapper
TurboTax 2011 wwviper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
WinPatrol
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
10/6/2012 2:41:08 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
10/3/2012 2:10:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
10/3/2012 2:10:48 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

 

tdsskiller

18:16:19.0468 2092 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
18:16:19.0812 2092 ============================================================
18:16:19.0812 2092 Current date / time: 2012/10/06 18:16:19.0812
18:16:19.0812 2092 SystemInfo:
18:16:19.0812 2092
18:16:19.0812 2092 OS Version: 5.1.2600 ServicePack: 3.0
18:16:19.0812 2092 Product type: Workstation
18:16:19.0812 2092 ComputerName: OWNER-DC05388A1
18:16:19.0812 2092 UserName: Owner
18:16:19.0812 2092 Windows directory: C:\WINDOWS
18:16:19.0812 2092 System windows directory: C:\WINDOWS
18:16:19.0812 2092 Processor architecture: Intel x86
18:16:19.0812 2092 Number of processors: 2
18:16:19.0812 2092 Page size: 0x1000
18:16:19.0812 2092 Boot type: Normal boot
18:16:19.0812 2092 ============================================================
18:16:21.0359 2092 Drive \Device\Harddisk0\DR0 - Size: 0x951240000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:16:21.0359 2092 ============================================================
18:16:21.0359 2092 \Device\Harddisk0\DR0:
18:16:21.0359 2092 MBR partitions:
18:16:21.0359 2092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
18:16:21.0359 2092 ============================================================
18:16:21.0390 2092 C: <-> \Device\Harddisk0\DR0\Partition1
18:16:21.0390 2092 ============================================================
18:16:21.0390 2092 Initialize success
18:16:21.0390 2092 ============================================================
18:16:28.0343 0548 ============================================================
18:16:28.0343 0548 Scan started
18:16:28.0343 0548 Mode: Manual;
18:16:28.0343 0548 ============================================================
18:16:28.0750 0548 ================ Scan system memory ========================
18:16:28.0750 0548 System memory - ok
18:16:28.0750 0548 ================ Scan services =============================
18:16:28.0906 0548 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
18:16:28.0906 0548 Aavmker4 - ok
18:16:28.0906 0548 Abiosdsk - ok
18:16:28.0906 0548 abp480n5 - ok
18:16:28.0968 0548 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:16:28.0968 0548 ACPI - ok
18:16:29.0000 0548 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
18:16:29.0000 0548 ACPIEC - ok
18:16:29.0031 0548 [ B244557D1B89EE61D00D93212DE7DDC9 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
18:16:29.0046 0548 ADIHdAudAddService - ok
18:16:29.0046 0548 adpu160m - ok

 

roguekiller

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 10/06/2012 18:26:55

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD400BD-08LRA0 +++++
--- User ---
[MBR] 0565faab3a8a3004c6fe152dae3093b7
[BSP] ddbc18d3aeeca2860bdeec9a0a208213 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport.txt >>
RKreport.txt

 

tdsskiller 2

sorry broni, I missed the rest of the log, here it is.

18:16:29.0093 0548 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:16:29.0093 0548 aec - ok
18:16:29.0140 0548 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:16:29.0140 0548 AFD - ok
18:16:29.0156 0548 Aha154x - ok
18:16:29.0156 0548 aic78u2 - ok
18:16:29.0171 0548 aic78xx - ok
18:16:29.0437 0548 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
18:16:29.0437 0548 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
18:16:29.0453 0548 Akamai ( HiddenFile.Multi.Generic ) - warning
18:16:29.0453 0548 Akamai - detected HiddenFile.Multi.Generic (1)
18:16:29.0500 0548 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:16:29.0500 0548 Alerter - ok
18:16:29.0515 0548 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
18:16:29.0515 0548 ALG - ok
18:16:29.0531 0548 AliIde - ok
18:16:29.0531 0548 amsint - ok
18:16:29.0562 0548 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:16:29.0562 0548 AppMgmt - ok
18:16:29.0578 0548 asc - ok
18:16:29.0578 0548 asc3350p - ok
18:16:29.0578 0548 asc3550 - ok
18:16:29.0718 0548 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:16:29.0718 0548 aspnet_state - ok
18:16:29.0765 0548 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
18:16:29.0765 0548 aswFsBlk - ok
18:16:29.0781 0548 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
18:16:29.0781 0548 aswMon2 - ok
18:16:29.0828 0548 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
18:16:29.0828 0548 aswRdr - ok
18:16:29.0859 0548 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
18:16:29.0859 0548 aswSnx - ok
18:16:29.0890 0548 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
18:16:29.0890 0548 aswSP - ok
18:16:29.0906 0548 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
18:16:29.0906 0548 aswTdi - ok
18:16:29.0937 0548 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:16:29.0937 0548 AsyncMac - ok
18:16:29.0968 0548 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:16:29.0968 0548 atapi - ok
18:16:29.0984 0548 Atdisk - ok
18:16:30.0015 0548 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:16:30.0015 0548 Atmarpc - ok
18:16:30.0062 0548 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:16:30.0062 0548 AudioSrv - ok
18:16:30.0093 0548 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:16:30.0093 0548 audstub - ok
18:16:30.0187 0548 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:16:30.0187 0548 avast! Antivirus - ok
18:16:30.0234 0548 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:16:30.0250 0548 Beep - ok
18:16:30.0296 0548 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
18:16:30.0328 0548 BITS - ok
18:16:30.0375 0548 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
18:16:30.0375 0548 Browser - ok
18:16:30.0578 0548 catchme - ok
18:16:30.0593 0548 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:16:30.0593 0548 cbidf2k - ok
18:16:30.0593 0548 cd20xrnt - ok
18:16:30.0640 0548 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:16:30.0640 0548 Cdaudio - ok
18:16:30.0687 0548 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:16:30.0687 0548 Cdfs - ok
18:16:30.0734 0548 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:16:30.0734 0548 Cdrom - ok
18:16:30.0765 0548 [ 61305C679E5766A03A09C0E966939206 ] CFRMD C:\WINDOWS\system32\DRIVERS\CFRMD.sys
18:16:30.0765 0548 CFRMD - ok
18:16:30.0765 0548 Changer - ok
18:16:30.0781 0548 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:16:30.0781 0548 CiSvc - ok
18:16:30.0796 0548 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:16:30.0796 0548 ClipSrv - ok
18:16:30.0875 0548 [ 9A5E6527E49415D6ED1572719AFE2EF0 ] CLPSLauncher C:\Program Files\Common Files\Comodo\launcher_service.exe
18:16:30.0875 0548 CLPSLauncher - ok
18:16:30.0921 0548 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:16:30.0921 0548 clr_optimization_v2.0.50727_32 - ok
18:16:31.0000 0548 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:16:31.0000 0548 clr_optimization_v4.0.30319_32 - ok
18:16:31.0156 0548 [ 907324001AE25AC5959C91EAA34CABAE ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
18:16:31.0171 0548 cmdAgent - ok
18:16:31.0250 0548 [ BEE235831F8E3F0BAACA18B39D285CF5 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
18:16:31.0250 0548 cmdGuard - ok
18:16:31.0265 0548 [ DE548946F36CAB62FEC2E6AA0149A619 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
18:16:31.0265 0548 cmdHlp - ok
18:16:31.0265 0548 CmdIde - ok
18:16:31.0281 0548 COMSysApp - ok
18:16:31.0281 0548 Cpqarray - ok
18:16:31.0343 0548 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:16:31.0343 0548 CryptSvc - ok
18:16:31.0343 0548 dac2w2k - ok
18:16:31.0359 0548 dac960nt - ok
18:16:31.0406 0548 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:16:31.0437 0548 DcomLaunch - ok
18:16:31.0484 0548 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:16:31.0484 0548 Dhcp - ok
18:16:31.0531 0548 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:16:31.0531 0548 Disk - ok
18:16:31.0531 0548 dmadmin - ok
18:16:31.0593 0548 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:16:31.0609 0548 dmboot - ok
18:16:31.0640 0548 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:16:31.0640 0548 dmio - ok
18:16:31.0671 0548 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:16:31.0671 0548 dmload - ok
18:16:31.0703 0548 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:16:31.0703 0548 dmserver - ok
18:16:31.0750 0548 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:16:31.0750 0548 DMusic - ok
18:16:31.0812 0548 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:16:31.0812 0548 Dnscache - ok
18:16:31.0843 0548 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:16:31.0859 0548 Dot3svc - ok
18:16:31.0875 0548 dpti2o - ok
18:16:31.0906 0548 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:16:31.0906 0548 drmkaud - ok
18:16:31.0953 0548 [ 8942419786970ADB32B05BB7950AEE72 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
18:16:31.0953 0548 e1express - ok
18:16:32.0000 0548 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:16:32.0000 0548 EapHost - ok
18:16:32.0031 0548 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:16:32.0031 0548 ERSvc - ok
18:16:32.0078 0548 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:16:32.0093 0548 Eventlog - ok
18:16:32.0156 0548 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
18:16:32.0156 0548 EventSystem - ok
18:16:32.0203 0548 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:16:32.0203 0548 Fastfat - ok
18:16:32.0250 0548 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:16:32.0265 0548 FastUserSwitchingCompatibility - ok
18:16:32.0296 0548 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
18:16:32.0296 0548 Fdc - ok
18:16:32.0343 0548 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:16:32.0343 0548 Fips - ok
18:16:32.0359 0548 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:16:32.0359 0548 Flpydisk - ok
18:16:32.0406 0548 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:16:32.0406 0548 FltMgr - ok
18:16:32.0468 0548 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:16:32.0468 0548 FontCache3.0.0.0 - ok
18:16:32.0500 0548 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:16:32.0500 0548 Fs_Rec - ok
18:16:32.0515 0548 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:16:32.0515 0548 Ftdisk - ok
18:16:32.0562 0548 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:16:32.0562 0548 Gpc - ok
18:16:32.0671 0548 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:16:32.0671 0548 gupdate - ok
18:16:32.0687 0548 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:16:32.0687 0548 gupdatem - ok
18:16:32.0734 0548 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:16:32.0734 0548 gusvc - ok
18:16:32.0781 0548 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:16:32.0781 0548 HDAudBus - ok
18:16:32.0875 0548 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:16:32.0875 0548 helpsvc - ok
18:16:32.0890 0548 HidServ - ok
18:16:32.0921 0548 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:16:32.0921 0548 hkmsvc - ok
18:16:32.0937 0548 hpn - ok
18:16:32.0984 0548 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:16:32.0984 0548 HTTP - ok
18:16:33.0015 0548 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:16:33.0031 0548 HTTPFilter - ok
18:16:33.0031 0548 i2omgmt - ok
18:16:33.0046 0548 i2omp - ok
18:16:33.0093 0548 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:16:33.0093 0548 i8042prt - ok
18:16:33.0328 0548 [ 2AAE7BE67911F4AEC9AD28E9CFB9096F ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:16:33.0359 0548 ialm - ok
18:16:33.0437 0548 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:16:33.0468 0548 idsvc - ok
18:16:33.0500 0548 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:16:33.0500 0548 Imapi - ok
18:16:33.0531 0548 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:16:33.0531 0548 ImapiService - ok
18:16:33.0546 0548 ini910u - ok
18:16:33.0593 0548 [ F89849CF13805EF49DA64A8A63193AF7 ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys
18:16:33.0593 0548 Inspect - ok
18:16:33.0593 0548 IntelIde - ok
18:16:33.0640 0548 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:16:33.0656 0548 intelppm - ok
18:16:33.0734 0548 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
18:16:33.0734 0548 IntuitUpdateServiceV4 - ok
18:16:33.0765 0548 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:16:33.0765 0548 Ip6Fw - ok
18:16:33.0796 0548 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:16:33.0796 0548 IpFilterDriver - ok
18:16:33.0796 0548 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:16:33.0796 0548 IpInIp - ok
18:16:33.0828 0548 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:16:33.0843 0548 IpNat - ok
18:16:33.0875 0548 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:16:33.0890 0548 IPSec - ok
18:16:33.0921 0548 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:16:33.0921 0548 IRENUM - ok
18:16:33.0968 0548 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:16:33.0968 0548 isapnp - ok
18:16:34.0156 0548 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
18:16:34.0156 0548 JavaQuickStarterService - ok
18:16:34.0203 0548 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:16:34.0203 0548 Kbdclass - ok
18:16:34.0218 0548 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:16:34.0218 0548 kmixer - ok
18:16:34.0265 0548 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:16:34.0265 0548 KSecDD - ok
18:16:34.0328 0548 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
18:16:34.0328 0548 LanmanServer - ok
18:16:34.0375 0548 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:16:34.0390 0548 lanmanworkstation - ok
18:16:34.0390 0548 Lavasoft Kernexplorer - ok
18:16:34.0406 0548 lbrtfdc - ok
18:16:34.0453 0548 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:16:34.0453 0548 LmHosts - ok
18:16:34.0531 0548 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
18:16:34.0531 0548 McciCMService - ok
18:16:34.0546 0548 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:16:34.0562 0548 Messenger - ok
18:16:34.0593 0548 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:16:34.0593 0548 mnmdd - ok
18:16:34.0640 0548 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:16:34.0640 0548 mnmsrvc - ok
18:16:34.0671 0548 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:16:34.0671 0548 Modem - ok
18:16:34.0687 0548 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:16:34.0687 0548 Mouclass - ok
18:16:34.0750 0548 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:16:34.0750 0548 MountMgr - ok
18:16:34.0796 0548 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:16:34.0796 0548 MozillaMaintenance - ok
18:16:34.0796 0548 mraid35x - ok
18:16:34.0812 0548 MREMP50 - ok
18:16:34.0812 0548 MRESP50 - ok
18:16:34.0859 0548 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:16:34.0859 0548 MRxDAV - ok
18:16:34.0921 0548 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:16:34.0921 0548 MRxSmb - ok
18:16:34.0953 0548 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:16:34.0968 0548 MSDTC - ok
18:16:34.0984 0548 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:16:34.0984 0548 Msfs - ok
18:16:35.0000 0548 MSIServer - ok
18:16:35.0015 0548 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:16:35.0015 0548 MSKSSRV - ok
18:16:35.0031 0548 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:16:35.0031 0548 MSPCLOCK - ok
18:16:35.0046 0548 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:16:35.0046 0548 MSPQM - ok
18:16:35.0078 0548 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:16:35.0078 0548 mssmbios - ok
18:16:35.0125 0548 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:16:35.0125 0548 Mup - ok
18:16:35.0171 0548 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:16:35.0187 0548 napagent - ok
18:16:35.0203 0548 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:16:35.0218 0548 NDIS - ok
18:16:35.0265 0548 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:16:35.0265 0548 NdisTapi - ok
18:16:35.0312 0548 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:16:35.0312 0548 Ndisuio - ok
18:16:35.0328 0548 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:16:35.0328 0548 NdisWan - ok
18:16:35.0390 0548 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:16:35.0390 0548 NDProxy - ok
18:16:35.0437 0548 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:16:35.0437 0548 NetBIOS - ok
18:16:35.0453 0548 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:16:35.0453 0548 NetBT - ok
18:16:35.0500 0548 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:16:35.0515 0548 NetDDE - ok
18:16:35.0515 0548 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:16:35.0531 0548 NetDDEdsdm - ok
18:16:35.0578 0548 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:16:35.0578 0548 Netlogon - ok
18:16:35.0625 0548 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:16:35.0640 0548 Netman - ok
18:16:35.0703 0548 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:16:35.0703 0548 NetTcpPortSharing - ok
18:16:35.0718 0548 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:16:35.0734 0548 Nla - ok
18:16:35.0750 0548 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:16:35.0750 0548 Npfs - ok
18:16:35.0812 0548 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:16:35.0828 0548 Ntfs - ok
18:16:35.0828 0548 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:16:35.0843 0548 NtLmSsp - ok
18:16:35.0875 0548 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:16:35.0890 0548 NtmsSvc - ok
18:16:35.0921 0548 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:16:35.0921 0548 Null - ok
18:16:35.0968 0548 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:16:35.0968 0548 NwlnkFlt - ok
18:16:35.0968 0548 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:16:35.0968 0548 NwlnkFwd - ok
18:16:36.0000 0548 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:16:36.0000 0548 Parport - ok
18:16:36.0015 0548 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:16:36.0015 0548 PartMgr - ok
18:16:36.0062 0548 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:16:36.0062 0548 ParVdm - ok
18:16:36.0078 0548 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:16:36.0078 0548 PCI - ok
18:16:36.0093 0548 PCIDump - ok
18:16:36.0093 0548 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:16:36.0093 0548 PCIIde - ok
18:16:36.0125 0548 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:16:36.0125 0548 Pcmcia - ok
18:16:36.0125 0548 PDCOMP - ok
18:16:36.0125 0548 PDFRAME - ok
18:16:36.0140 0548 PDRELI - ok
18:16:36.0140 0548 PDRFRAME - ok
18:16:36.0156 0548 perc2 - ok
18:16:36.0156 0548 perc2hib - ok
18:16:36.0203 0548 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:16:36.0218 0548 PlugPlay - ok
18:16:36.0234 0548 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:16:36.0234 0548 PolicyAgent - ok
18:16:36.0250 0548 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:16:36.0250 0548 PptpMiniport - ok
18:16:36.0265 0548 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:16:36.0265 0548 ProtectedStorage - ok
18:16:36.0281 0548 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:16:36.0281 0548 PSched - ok
18:16:36.0296 0548 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:16:36.0296 0548 Ptilink - ok
18:16:36.0312 0548 ql1080 - ok
18:16:36.0312 0548 Ql10wnt - ok
18:16:36.0312 0548 ql12160 - ok
18:16:36.0328 0548 ql1240 - ok
18:16:36.0328 0548 ql1280 - ok
18:16:36.0375 0548 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:16:36.0375 0548 RasAcd - ok
18:16:36.0406 0548 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:16:36.0421 0548 RasAuto - ok
18:16:36.0453 0548 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:16:36.0453 0548 Rasl2tp - ok
18:16:36.0468 0548 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:16:36.0484 0548 RasMan - ok
18:16:36.0500 0548 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:16:36.0500 0548 RasPppoe - ok
18:16:36.0500 0548 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:16:36.0515 0548 Raspti - ok
18:16:36.0531 0548 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:16:36.0531 0548 Rdbss - ok
18:16:36.0546 0548 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:16:36.0546 0548 RDPCDD - ok
18:16:36.0609 0548 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:16:36.0609 0548 rdpdr - ok
18:16:36.0656 0548 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:16:36.0656 0548 RDPWD - ok
18:16:36.0718 0548 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:16:36.0734 0548 RDSessMgr - ok
18:16:36.0781 0548 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:16:36.0781 0548 redbook - ok
18:16:36.0828 0548 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:16:36.0828 0548 RemoteAccess - ok
18:16:36.0859 0548 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:16:36.0875 0548 RemoteRegistry - ok
18:16:36.0921 0548 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
18:16:36.0921 0548 RpcLocator - ok
18:16:36.0953 0548 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:16:36.0953 0548 RpcSs - ok
18:16:37.0015 0548 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:16:37.0031 0548 RSVP - ok
18:16:37.0031 0548 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:16:37.0046 0548 SamSs - ok
18:16:37.0109 0548 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:16:37.0109 0548 SCardSvr - ok
18:16:37.0156 0548 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:16:37.0187 0548 Schedule - ok
18:16:37.0203 0548 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:16:37.0203 0548 Secdrv - ok
18:16:37.0250 0548 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:16:37.0250 0548 seclogon - ok
18:16:37.0281 0548 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:16:37.0281 0548 SENS - ok
18:16:37.0296 0548 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:16:37.0296 0548 serenum - ok
18:16:37.0312 0548 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:16:37.0312 0548 Serial - ok
18:16:37.0375 0548 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:16:37.0375 0548 Sfloppy - ok
18:16:37.0406 0548 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:16:37.0421 0548 SharedAccess - ok
18:16:37.0437 0548 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:16:37.0437 0548 ShellHWDetection - ok
18:16:37.0453 0548 Simbad - ok
18:16:37.0468 0548 Sparrow - ok
18:16:37.0500 0548 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:16:37.0515 0548 splitter - ok
18:16:37.0562 0548 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:16:37.0562 0548 Spooler - ok
18:16:37.0625 0548 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:16:37.0625 0548 sr - ok
18:16:37.0640 0548 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:16:37.0671 0548 srservice - ok
18:16:37.0718 0548 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:16:37.0718 0548 Srv - ok
18:16:37.0765 0548 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:16:37.0781 0548 SSDPSRV - ok
18:16:37.0828 0548 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
18:16:37.0828 0548 StillCam - ok
18:16:37.0890 0548 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:16:37.0906 0548 stisvc - ok
18:16:37.0921 0548 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:16:37.0921 0548 swenum - ok
18:16:37.0937 0548 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:16:37.0937 0548 swmidi - ok
18:16:37.0953 0548 SwPrv - ok
18:16:37.0953 0548 symc810 - ok
18:16:37.0953 0548 symc8xx - ok
18:16:37.0968 0548 sym_hi - ok
18:16:37.0968 0548 sym_u3 - ok
18:16:38.0015 0548 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:16:38.0015 0548 sysaudio - ok
18:16:38.0062 0548 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:16:38.0078 0548 SysmonLog - ok
18:16:38.0125 0548 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:16:38.0156 0548 TapiSrv - ok
18:16:38.0218 0548 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:16:38.0218 0548 Tcpip - ok
18:16:38.0250 0548 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:16:38.0250 0548 TDPIPE - ok
18:16:38.0265 0548 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:16:38.0265 0548 TDTCP - ok
18:16:38.0296 0548 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:16:38.0296 0548 TermDD - ok
18:16:38.0343 0548 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:16:38.0359 0548 TermService - ok
18:16:38.0375 0548 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:16:38.0390 0548 Themes - ok
18:16:38.0437 0548 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
18:16:38.0453 0548 TlntSvr - ok
18:16:38.0453 0548 TosIde - ok
18:16:38.0515 0548 [ A147180FC61769BF4EB6FF94D499970C ] TPM C:\WINDOWS\system32\DRIVERS\tpm.sys
18:16:38.0515 0548 TPM - ok
18:16:38.0562 0548 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:16:38.0578 0548 TrkWks - ok
18:16:38.0656 0548 [ AAF458CC200326BEF602B5339400BF86 ] tvnserver C:\Program Files\Common Files\Comodo\tvnserver.exe
18:16:38.0656 0548 tvnserver - ok
18:16:38.0703 0548 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:16:38.0718 0548 Udfs - ok
18:16:38.0718 0548 ultra - ok
18:16:38.0765 0548 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:16:38.0765 0548 Update - ok
18:16:38.0796 0548 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:16:38.0812 0548 upnphost - ok
18:16:38.0828 0548 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:16:38.0843 0548 UPS - ok
18:16:38.0875 0548 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:16:38.0875 0548 usbehci - ok
18:16:38.0921 0548 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:16:38.0921 0548 usbhub - ok
18:16:38.0968 0548 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:16:38.0968 0548 usbscan - ok
18:16:39.0000 0548 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:16:39.0000 0548 USBSTOR - ok
18:16:39.0046 0548 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:16:39.0046 0548 usbuhci - ok
18:16:39.0062 0548 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:16:39.0062 0548 VgaSave - ok
18:16:39.0062 0548 ViaIde - ok
18:16:39.0093 0548 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:16:39.0093 0548 VolSnap - ok
18:16:39.0140 0548 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:16:39.0187 0548 VSS - ok
18:16:39.0234 0548 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:16:39.0250 0548 W32Time - ok
18:16:39.0281 0548 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:16:39.0281 0548 Wanarp - ok
18:16:39.0281 0548 WDICA - ok
18:16:39.0296 0548 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:16:39.0312 0548 wdmaud - ok
18:16:39.0312 0548 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:16:39.0328 0548 WebClient - ok
18:16:39.0421 0548 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:16:39.0421 0548 winmgmt - ok
18:16:39.0484 0548 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
18:16:39.0531 0548 WinRM - ok
18:16:39.0578 0548 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:16:39.0578 0548 WmdmPmSN - ok
18:16:39.0640 0548 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:16:39.0671 0548 Wmi - ok
18:16:39.0718 0548 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:16:39.0718 0548 WmiApSrv - ok
18:16:39.0843 0548 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
18:16:39.0843 0548 WMPNetworkSvc - ok
18:16:39.0953 0548 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:16:39.0984 0548 WPFFontCache_v0400 - ok
18:16:40.0031 0548 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:16:40.0031 0548 WS2IFSL - ok
18:16:40.0062 0548 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:16:40.0078 0548 wscsvc - ok
18:16:40.0125 0548 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:16:40.0140 0548 wuauserv - ok
18:16:40.0187 0548 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:16:40.0187 0548 WudfPf - ok
18:16:40.0203 0548 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:16:40.0203 0548 WudfRd - ok
18:16:40.0250 0548 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:16:40.0265 0548 WudfSvc - ok
18:16:40.0312 0548 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:16:40.0343 0548 WZCSVC - ok
18:16:40.0375 0548 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:16:40.0375 0548 xmlprov - ok
18:16:40.0390 0548 ================ Scan global ===============================
18:16:40.0421 0548 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:16:40.0468 0548 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:16:40.0484 0548 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:16:40.0515 0548 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:16:40.0515 0548 [Global] - ok
18:16:40.0515 0548 ================ Scan MBR ==================================
18:16:40.0546 0548 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:16:40.0718 0548 \Device\Harddisk0\DR0 - ok
18:16:40.0718 0548 ================ Scan VBR ==================================
18:16:40.0718 0548 [ 7159DB60E418AE6C5468AC8B513E14E9 ] \Device\Harddisk0\DR0\Partition1
18:16:40.0718 0548 \Device\Harddisk0\DR0\Partition1 - ok
18:16:40.0718 0548 ============================================================
18:16:40.0718 0548 Scan finished
18:16:40.0718 0548 ============================================================
18:16:40.0734 1484 Detected object count: 1
18:16:40.0734 1484 Actual detected object count: 1
18:17:04.0625 1484 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:17:04.0625 1484 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

 

thanks Broni!!!

 

your last instructions

Please proceed, MBR still reports an infection of win32 malware gen.

 

virustotal

Do you want the analysis tab results or the additional information tab or both?